Bug 1408558

Summary: ssh config broken after f25 upgrade
Product: [Fedora] Fedora Reporter: Paul DeStefano <prd-fedora>
Component: opensshAssignee: Jakub Jelen <jjelen>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 25CC: jjelen, mattias.ellert, mgrepl, plautrba, prd-fedora, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssh-7.4p1-3.fc25 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-02-27 04:22:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Paul DeStefano 2016-12-24 22:44:26 UTC 
Description of problem:
Config is unusable after F25 upgrade

1) new pkg config references /etc/crypto-policies/back-ends/openssh.txt which does not exist, gives error, ssh broken:
/etc/ssh/ssh_config: terminating, 1 bad configuration options

2) When the aforementioned line is commented out, ssh gives same error.
/etc/ssh/ssh_config: terminating, 1 bad configuration options

Version-Release number of selected component (if applicable):
openssh-clients-7.3p1-7.fc25.x86_64

I've deleting these config files and reinstalling with DNF, but that doesn't help, default configuration is broken.
Comment 1 Jakub Jelen 2016-12-26 15:33:42 UTC 
I can't reproduce it with my install of Fedora 25. You will probably have different errors in the configuration. Not existing files are not errors while including in openssh configuration files.

Please, post the whole error you can see (ideally with -vvv switches to get even more verbosity) and post your configuration files (both system wide in /etc/ssh/ssh_config and per-user ~/.ssh/config).
Comment 2 Paul DeStefano 2016-12-26 19:22:30 UTC 
Ah, -vvv helped.  Thanks much.  Sorry for the trouble.

with only one -v, it says:
...
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
/etc/ssh/ssh_config: terminating, 1 bad configuration options

But, my added file, which had lines known to work in ssh_config, didn't have correct context.  With -vvv I see:
...
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
debug3: /etc/ssh/ssh_config line 56: Including file /etc/ssh/ssh_config.d/10-local.conf depth 0
/etc/ssh/ssh_config: terminating, 1 bad configuration options

Very misleading in both cases since it says implicates the default config in first case and says it included the local file in the second case, but, in fact, it *failed* to include the file.
Comment 3 Jakub Jelen 2016-12-26 22:42:05 UTC 
Oh ... bad permissions. I didn't test how does it behave and yes, it is confusing. I filled a bug upstream. Thank you for filling the bug and coming back with the problem.
Comment 4 Fedora Update System 2017-02-22 15:09:49 UTC 
openssh-7.4p1-3.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-95d95b8725
Comment 5 Fedora Update System 2017-02-23 23:20:57 UTC 
openssh-7.4p1-3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-95d95b8725
Comment 6 Fedora Update System 2017-02-27 04:22:16 UTC 
openssh-7.4p1-3.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.