Bug 3352 - subnet mask invalid in pattern matching
Status: CLOSED WORKSFORME
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 8.8p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
Reported: 2021-10-07 22:32 AEDT by Lioh
Modified: 2022-02-25 13:57 AEDT
Description Lioh 2021-10-07 22:32:17 AEDT
We are trying to define an AllowUsers rule like user@2001:xxx:xxx:xxx::/64 which works fine, but using a different subnet mask e.g. 2001:xxx:xxx:xxx::/53 leads to an error like: invalid AllowUsers pattern
Comment 1 Darren Tucker 2021-10-08 10:30:03 AEDT
Are you sure the values of xxx you have elided are actually a valid /53 subnet (i.e. all of the bits 54-128 are zero)?

$ sudo /usr/sbin/sshd -T -o 'AllowUsers user@2001::/53' | grep allowusers
allowusers user@2001::/53

$ sudo /usr/sbin/sshd -T -o 'AllowUsers user@2001::1/53'
command-line line 0: invalid AllowUsers pattern: "user@2001::1/53"
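
The check Comment 1 describes (no bits set beyond the prefix length) can be run over a config before handing it to sshd. This is an added example, not part of the bug thread and not OpenSSH code; the function names and the sample config (using the 2001:db8::/32 documentation prefix) are constructed for illustration.

```python
import ipaddress

# Constructed sshd_config fragment; addresses are documentation ranges.
SAMPLE_CONFIG = """\
# constructed sample, not from the bug report
AllowUsers user@2001:db8:1:1::/64 user@2001:db8:1:1::/53
AllowUsers admin@2001:db8:1:800::/53 backup@192.0.2.17/24 root
"""

def host_bits_set(cidr):
    """Return the normalised network if `cidr` has non-zero bits beyond the
    prefix length, or None if it is already a clean network address."""
    iface = ipaddress.ip_interface(cidr)  # tolerates host bits, unlike ip_network
    if iface.ip == iface.network.network_address:
        return None
    return str(iface.network)

def audit_allowusers(config_text):
    """Return (lineno, pattern, suggested_pattern) for each user@addr/len
    pattern whose address is not a valid network for its prefix length."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].lower() != "allowusers":
            continue  # comments, blank lines and other keywords
        for pattern in tokens[1:]:
            user, at, host = pattern.partition("@")
            if not at or "/" not in host:
                continue  # plain user or hostname pattern, no CIDR part
            try:
                fixed = host_bits_set(host)
            except ValueError:
                continue  # not an address/len form; outside this check
            if fixed is not None:
                findings.append((lineno, pattern, f"{user}@{fixed}"))
    return findings

if __name__ == "__main__":
    for lineno, pattern, fixed in audit_allowusers(SAMPLE_CONFIG):
        print(f"line {lineno}: {pattern} has host bits set; use {fixed}")
```

The same address can be a clean /64 and still fail as a /53, because a /53 requires the low 11 bits of the fourth group to be zero. The suggested /53 network spans 2048 /64 subnets, so confirm that scope is intended before widening an AllowUsers rule.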
Comment 2 Damien Miller 2022-01-14 15:31:35 AEDT
closing for lack of followup
Comment 3 Damien Miller 2022-02-25 13:57:18 AEDT
closing bugs resolved before openssh-8.9