Bug 1624425

Summary: libssh-0.8.1-4 fails to parse "Match" directive in SSH configuration: "ERROR - unimplemented opcode: 1"
Product: [Fedora] Fedora Reporter: Steven Bakker <sb>
Component: libsshAssignee: Jakub Jelen <jjelen>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 28CC: asn, jfch, jjelen, negativo17, plautrba, rdieter
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libssh-0.8.3-3.fc28 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-08 11:01:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steven Bakker 2018-08-31 14:20:14 UTC 
Description of problem:

My SSH configuration (~/.ssh/config) contains a few "Match" directives for certain hosts:

    Match host myhost exec "ip route show|grep ' via 192.168.192.1 '"
        HostName myhost.home-lan

    Match host myhost
        HostName myhost.my.domain

Version 0.7.5-7 of libssh parsed this correctly, version 0.8.1-4 fails with:

    ERROR - unimplemented opcode: 1

This is especially annoying since I use "yafc", which uses libssh.

Version-Release number of selected component (if applicable):

    0.8.1-4

How reproducible:

Always. Any "Match" entry in the SSH configuration will produce this error.

Steps to Reproduce:

1. Edit ~/.ssh/config to add a "Match host foo" line (doesn't matter where).

2. Start "yafc":

    yafc sftp://demo-user:demo-user.com:2222

Actual results:

    yafc 1.3.5
    This program comes with ABSOLUTELY NO WARRANTY; for details type 'warranty'.
    This is free software; type 'copyright' for details.

    Failed to parse ssh config: ERROR - unimplemented opcode: 1
    yafc> 

Expected results:

    yafc 1.3.5
    This program comes with ABSOLUTELY NO WARRANTY; for details type 'warranty'.
    This is free software; type 'copyright' for details.

    remote system: SSH (version 2)    
    yafc demo-user.com:/> 

Additional info:

Works fine with libssh version 0.7.5-7.

Other clients using SSH do not have this problem, such as "ssh", "sftp", "lftp", but none of them use libssh. The "curl" program is linked to libssh, but it apparently doesn't parse the SSH configuration file.
Comment 1 Andreas Schneider 2018-09-03 14:21:06 UTC 
Jakub, could you look into that?
Comment 2 Jakub Jelen 2018-09-03 15:42:23 UTC 
This seems like the Match keyword is not very common in the client configuration. You can rewrite the simple case using the Host keyword, which works fine with libssh. Unfortunately, there is no workaround for the more complicated example you provided.

In the past, the unknown option was ignored, but recently (almost a year ago), I added most of the missing options, based on Aris commit, but it was somehow left unhandled.

I will have a look into that. Sipmle workaround is to add this opcode to ignored, better is to implement the actual matching, which will have to happen sooner or later anyway.
Comment 3 Jakub Jelen 2018-09-04 17:34:56 UTC 
I just implemented the minimal parsing of the Match keyword, which just accepts the simple options (all, host, user and negated variants) and ignores the rest with silent warning:

https://gitlab.com/jjelen/libssh-mirror/tree/config-match

Lets wait for the CI to complete and I will propose the change upstream so we can fix this with a next update.
Comment 4 Steven Bakker 2018-09-05 15:46:24 UTC 
Nice one, thanks!
Comment 5 Andreas Schneider 2018-10-08 11:01:24 UTC 
This is fixed with libssh 0.8.3.