openssh bugs - Feb 2020 - [Bug 3123] New: PermitOpen does not allow wildcards for hosts despite what docs say

https://bugzilla.mindrot.org/show_bug.cgi?id=3123

            Bug ID: 3123
           Summary: PermitOpen does not allow wildcards for hosts despite
                    what docs say
           Product: Portable OpenSSH
           Version: 7.2p2
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: phil at ipom.com

The man page for sshd_config, under `PermitOpen` says:
> The wildcard ?*? can be used for host or port to allow all hosts or 
> ports, respectively.
But this does not seem to be the case. If you do `PermitOpen *:22`, for
example, it denies everything. Using * on the port side works
correctly.

A quick look over the original patch from
https://bugzilla.mindrot.org/show_bug.cgi?id=1857 seems to only add the
wild-card checking code to the port-check path, if I'm reading it
correctly.

Ideally, wildcards on the host side would work, but alternatively, the
docs should be updated.

Thanks!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3123

Phil Dibowitz <phil at ipom.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5                          |P3

--- Comment #1 from Phil Dibowitz <phil at ipom.com> ---
Just wanted to follow up and see if anyone had a chance to look at
this. Thanks!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3123

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
AFAIK wildcards are supported by PermitRemoteOpen, but yeah - they
don't seem to be supported by PermitOpen.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.