Created attachment 2541: proposed patch

While walking through the output of sshd -T in different versions of openssh in our distributions, I came across some problems that are also applicable to upstream, so I took the time to report them here.

Found issues:

* UsePAM option is written in integer format instead of yes/no format
* StreamLocalBindMask is not written
* AllowAgentForwarding is not written
* VersionAddendum is written even without a value, which makes it an invalid option when using the output again as input sshd_config
* AuthenticationMethods is written even if it is empty, which causes the same problem as the previous option

These issues can be resolved using the attached patch. Comments are welcome.

Also, released versions 6.6 and 6.7 are missing this commit, which could be helpful for others looking for inconsistencies in this output: https://anongit.mindrot.org/openssh.git/commit/?id=57d378ec9278ba417a726f615daad67d157de666
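A lint for the problem classes reported in this bug, as an added example that is not part of the original report or of OpenSSH. The sample dumps are constructed, the function name `lint_dump` is hypothetical, and treating a `hostkey` value ending in `-cert.pub` as a mislabelled certificate is an assumption based on the usual certificate file naming.

```python
import re

# Keywords the report says were missing from the dump (sshd -T prints lowercase).
EXPECTED = {"streamlocalbindmask", "allowagentforwarding"}
# Keywords the report says must be yes/no rather than an integer.
YES_NO = {"usepam"}

# Constructed sample resembling a dump with the reported problems.
SAMPLE_BEFORE = """\
port 22
usepam 1
versionaddendum
authenticationmethods
hostkey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_rsa_key-cert.pub
"""

# Constructed sample of a dump without those problems.
SAMPLE_AFTER = """\
port 22
usepam yes
streamlocalbindmask 0177
allowagentforwarding yes
hostkey /etc/ssh/ssh_host_rsa_key
hostcertificate /etc/ssh/ssh_host_rsa_key-cert.pub
"""

def lint_dump(text):
    """Return a sorted list of (keyword, problem) for sshd -T style output."""
    problems, seen = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.add(key)
        if not value:
            # A bare keyword is rejected when the dump is reused as sshd_config.
            problems.append((key, "no value: invalid when reused as sshd_config"))
        elif key in YES_NO and re.fullmatch(r"-?\d+", value):
            problems.append((key, "integer where yes/no is expected"))
        elif key == "hostkey" and value.endswith("-cert.pub"):
            # Assumption: certificate files follow the *-cert.pub naming.
            problems.append((key, "certificate path dumped under HostKey"))
    problems += [(key, "missing from dump") for key in EXPECTED - seen]
    return sorted(problems)
```

Running it over the saved output of `sshd -T` from each packaged version gives a quick diff of which releases still carry which problem.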
Created attachment 2542: proposed git patch

Sorry, one more thing to make it complete:

* HostCertificate is written with the wrong name: HostKey

Can be resolved by adding:

@@ -2185,7 +2185,7 @@ dump_config(ServerOptions *o) o->authorized_keys_files); dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, o->host_key_files); - dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, + dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, o->host_cert_files); dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
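Review bot: the corrected dump_cfg_strarray(sHostCertificate, ...) call sits directly below a near-identical sHostKeyFile call, and nothing in this hunk would catch the same opcode/array mismatch if it recurs in dump_config(). The one-word change itself looks right, since o->host_cert_files should be emitted under the HostCertificate keyword, but it would be worth pairing it with a regression check that feeds the sshd -T output back in as an sshd_config and confirms it parses and dumps identically. That check would also cover the empty VersionAddendum and AuthenticationMethods cases from the first patch.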
Thanks. Committed the UsePAM change to portable and I'm looking at the remainder for OpenBSD now.
OK, the remainder of the patch has been applied and will be in the 6.9 release. Thanks!
Close all resolved bugs after 7.3p1 release