Created attachment 1548 [details] My sshd config file

sshd 5.1p1's nifty new configure-dumping mode reports

port 22
protocol 2
addressfamily any
listenaddress 0.0.0.0:22
listenaddress [::]:22
serverkeybits 1024
logingracetime 600
keyregenerationinterval 3600
x11displayoffset 10
maxauthtries 6
clientaliveinterval 0
clientalivecountmax 3
permitrootlogin yes
ignorerhosts yes
ignoreuserknownhosts no
rhostsrsaauthentication no
hostbasedauthentication no
hostbasedusesnamefrompacketonly no
rsaauthentication yes
pubkeyauthentication yes
UNKNOWN no
UNKNOWN yes
UNKNOWN yes
UNKNOWN no
UNKNOWN no
UNKNOWN yes
passwordauthentication yes
kbdinteractiveauthentication no
challengeresponseauthentication no
printmotd yes
printlastlog yes
x11forwarding yes
x11uselocalhost yes
strictmodes yes
tcpkeepalive yes
permitemptypasswords no
permituserenvironment yes
uselogin no
compression delayed
gatewayports no
usedns yes
allowtcpforwarding yes
useprivilegeseparation yes
pidfile /var/run/sshd.pid
xauthlocation /usr/bin/xauth
authorizedkeysfile .ssh/authorized_keys
authorizedkeysfile2 .ssh/authorized_keys2
loglevel INFO
syslogfacility AUTH
hostkey /etc/openssh/ssh_host_key
hostkey /etc/openssh/ssh_host_rsa_key
hostkey /etc/openssh/ssh_host_dsa_key
acceptenv DISPLAY
acceptenv X_ORIGINATING_HOST
acceptenv LANG
acceptenv LC_*
subsystem sftp /usr/libexec/sftp-server
maxstartups 10:100:10
permittunnel no
permitopen

Bringing the UNKNOWNs into greater clarity with a few debugging printf()s (the number is the opcode number, of course):

UNKNOWN opcode name(12) no
UNKNOWN opcode name(13) yes
UNKNOWN opcode name(14) yes
UNKNOWN opcode name(15) no
UNKNOWN opcode name(59) no
UNKNOWN opcode name(60) yes

Config attached: the only option that's there that the compiled OpenSSH doesn't understand is UsePAM. (In case it's interesting, this was compiled with GCC 4.3.1.)
The UNKNOWN options seem to be all GSSAPI/Kerberos related. I think they need to be #ifdef'd out when these aren't compiled in.
Created attachment 1549 [details] #ifdef out config dump options based on build-time config
Agreed, that's what it is. Please try this patch. I should have had a regress test for this.
Created attachment 1550 [details] do not display disabled options for -T
Do not try to print options for facilities that have not been enabled at compile time.
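A simplified model of the symptom and of the fix described in the two patches above, added here as an illustration; it is not OpenSSH source and not either attachment. The opcode names, the `WITH_KRB` build macro and the helper functions are hypothetical; built without `WITH_KRB`, the unguarded dump emits an UNKNOWN line between pubkeyauthentication and passwordauthentication, as in the report.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model; all names, and the WITH_KRB build macro, are hypothetical. */
enum opcode { O_PORT, O_PUBKEY_AUTH, O_KRB_AUTH, O_PASSWORD_AUTH };

/* Keyword table: the optional keyword exists only when the feature is built. */
static const struct { const char *name; enum opcode code; } keywords[] = {
    { "port", O_PORT },
    { "pubkeyauthentication", O_PUBKEY_AUTH },
#ifdef WITH_KRB
    { "kerberosauthentication", O_KRB_AUTH },
#endif
    { "passwordauthentication", O_PASSWORD_AUTH },
};

static const char *opcode_name(enum opcode code)
{
    for (size_t i = 0; i < sizeof(keywords) / sizeof(keywords[0]); i++)
        if (keywords[i].code == code)
            return keywords[i].name;
    return "UNKNOWN"; /* opcode has no keyword in this build */
}

/* Append "name value\n" to out; return 1 if the name resolved to UNKNOWN. */
static int dump_opt(char *out, size_t len, enum opcode code, const char *val)
{
    const char *name = opcode_name(code);
    size_t used = strlen(out);
    snprintf(out + used, len - used, "%s %s\n", name, val);
    return strcmp(name, "UNKNOWN") == 0;
}

/* Dump the options; return how many lines came out as UNKNOWN. guarded == 0
 * prints the optional option unconditionally; nonzero only if compiled in. */
int dump_config(char *out, size_t len, int guarded)
{
    int unknown = 0, have_krb = 0;
#ifdef WITH_KRB
    have_krb = 1;
#endif
    out[0] = '\0';
    unknown += dump_opt(out, len, O_PORT, "22");
    unknown += dump_opt(out, len, O_PUBKEY_AUTH, "yes");
    if (!guarded || have_krb)
        unknown += dump_opt(out, len, O_KRB_AUTH, "no");
    unknown += dump_opt(out, len, O_PASSWORD_AUTH, "yes");
    return unknown;
}
```

Counting UNKNOWN lines in the dump, as `dump_config` returns here, is also the kind of assertion a regression test for the dump mode could make.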
Comment on attachment 1549 [details] #ifdef out config dump options based on build-time config
djm's patch is better because it includes UsePAM, please try it instead.
Well, if *this* is the most serious bug I've ever seen in OpenSSH (and it is, excepting interaction problems with severely buggy servers), I'm satisfied :) Patch 1550 fixes it for me.
ok, this has been committed and will be in openssh-5.2. Thanks for the report.
*** Bug 1497 has been marked as a duplicate of this bug. ***
Close bugs fixed/reviewed for openssh-5.2 release