[Bug 260265] sshd -T does not work with Match, shows empty result [regression]

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 260265] sshd -T does not work with Match, shows empty result [regression 7.2p1-7.9p1]"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 260265] sshd -T does not work with Match, shows empty result [regression 7.2p1-7.9p1]"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 07 Dec 2021 11:20:15 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260265

            Bug ID: 260265
           Summary: sshd -T does not work with Match, shows empty result
                    [regression]
           Product: Base System
           Version: 12.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: 000.fbsd@quip.cz

I don't know if this should be considered as bug or "just changed behavior" but
it is annoying.
sshd -T works in FreeBSD 11.4 (OpenSSH_7.5) and prints details about current
configuration but it does not work with the same configuration file in FreeBSD
12.2 (OpenSSH_7.9).

# sshd -T
'Match Group' in configuration but 'user' not in connection test specification.

Once I have any "Match" in sshd_config then sshd -T does not work. It needs
additional -C user=fakeuser to print configuration. (I just needed to view
supported ciphers)

You can try it with default sshd_config and add something like this:

Match group sftponly
        ChrootDirectory %h

...or just ucomment the section "Match User anoncvs".

I think sshd -T should still work without -C as it was in older versions and
print configuration for any non-matched criteria.

-- 
You are receiving this mail because:
You are the assignee for the bug.