Bug 3123 - PermitOpen does not allow wildcards for hosts despite what docs say
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 7.2p2
Hardware: Other Linux
Importance: P3 normal
Assignee: Assigned to nobody
Reported: 2020-02-19 12:16 AEDT by Phil Dibowitz
Modified: 2020-05-31 10:06 AEST
Description Phil Dibowitz 2020-02-19 12:16:04 AEDT
The man page for sshd_config, under `PermitOpen` says:

> The wildcard ‘*’ can be used for host or port to allow all hosts or 
> ports, respectively.

But this does not seem to be the case. If you do `PermitOpen *:22`, for example, it denies everything. Using * on the port side works correctly.

A quick look over the original patch from https://bugzilla.mindrot.org/show_bug.cgi?id=1857 seems to only add the wild-card checking code to the port-check path, if I'm reading it correctly.

Ideally, wildcards on the host side would work, but alternatively, the docs should be updated.

Thanks!
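
A small lint for the behaviour described in this report, added here as an example and not part of the bug report or of OpenSSH: it lists `PermitOpen` destinations whose host is `*`, the form the reporter found denies everything on 7.2p2. The sample configuration, its host names and the function names are constructed for illustration.

```python
import re

# Constructed sample sshd_config (not taken from the reporter's system).
SAMPLE_CONFIG = """\
# global section
PermitOpen *:22 db.internal.example:5432
Match User tunnel
    permitopen=[2001:db8::10]:* 10.0.0.5:*
Match User backup
    PermitOpen any
"""

# Keyword is case-insensitive; arguments follow whitespace or an optional '='.
DIRECTIVE_RE = re.compile(r"^permitopen(?:\s*=\s*|\s+)(.+)$", re.IGNORECASE)
# Destination forms: host:port, IPv4_addr:port, [IPv6_addr]:port.
ENTRY_RE = re.compile(r"^(?:\[(?P<v6>[^\]]+)\]|(?P<host>[^:\s]+)):(?P<port>\*|\d+)$")


def permitopen_entries(config_text):
    """Return (line_no, token, host, port) for every PermitOpen argument.

    host and port are None for 'any', 'none' and tokens that do not parse.
    """
    entries = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive = DIRECTIVE_RE.match(line)
        if not directive:
            continue
        for token in directive.group(1).split():
            parsed = ENTRY_RE.match(token)
            if parsed and token.lower() not in ("any", "none"):
                host = parsed.group("v6") or parsed.group("host")
                entries.append((line_no, token, host, parsed.group("port")))
            else:
                entries.append((line_no, token, None, None))
    return entries


def host_wildcards(config_text):
    """Entries with a '*' host: per this report, these deny every forward."""
    return [(n, tok) for n, tok, host, _ in permitopen_entries(config_text) if host == "*"]


if __name__ == "__main__":
    for line_no, token in host_wildcards(SAMPLE_CONFIG):
        print(f"line {line_no}: PermitOpen {token} uses a host wildcard")
```
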
Comment 1 Phil Dibowitz 2020-05-31 10:06:37 AEST
Just wanted to follow up and see if anyone had a chance to look at this. Thanks!