openssh bugs - Jan 2015 - [Bug 2346] New: sshd -T doesn't write all configuration options in valid format

https://bugzilla.mindrot.org/show_bug.cgi?id=2346

            Bug ID: 2346
           Summary: sshd -T doesn't write all configuration options in
                    valid format
           Product: Portable OpenSSH
           Version: 6.7p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 2541
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2541&action=edit
proposed patch

During walk through output of sshd -T in different versions of openssh
in our distributions I came up with some problems that are also
applicable to upstream so I took time to report them here.

Found issues:
 * UsePAM option is written in integer format, instead of yes/no format
 * StreamLocalBindMask is not written
 * AllowAgentForwarding is not written
 * VersionAddendum is written, but even without value which makes it
invalid option when using output again as input sshd_config
 * AuthenticationMethods is written even if it is empty which causes
the same problem like the previous option

These issues can be resolved using attached patch. Comments are
welcomed.



Also in released versions 6.6 and 6.7 is missing this commit, which
could be helpful for others looking for some inconsistency in this
output:
https://anongit.mindrot.org/openssh.git/commit/?id=57d378ec9278ba417a726f615daad67d157de666

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2346

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2541|0                           |1
        is obsolete|                            |

--- Comment #1 from Jakub Jelen <jjelen at redhat.com> ---
Created attachment 2542
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2542&action=edit
proposed git patch

Sorry, one more thing to make it complete:
 * HostCertificate is written with wrong name: HostKey

Can be resolved adding:
@@ -2185,7 +2185,7 @@ dump_config(ServerOptions *o)
            o->authorized_keys_files);
        dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
             o->host_key_files);
-       dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,
+       dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
             o->host_cert_files);
        dump_cfg_strarray(sAllowUsers, o->num_allow_users,
o->allow_users);
        dump_cfg_strarray(sDenyUsers, o->num_deny_users,
o->deny_users);

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2346

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
             Blocks|                            |2360

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2346

--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
Thanks.  Committed the UsePAM change to portable and I'm looking at the
remainder for OpenBSD now.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2346

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
OK, the remainder of the patch has been applied and will be in the 6.9
release.  Thanks!

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2346

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.