Bug 1270931 - Some sshd_config directives not dumped by sshd -T when not specifed explicitly
Some sshd_config directives not dumped by sshd -T when not specifed explicitly
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openssh (Show other bugs)
6.7
Unspecified Unspecified
low Severity low
: rc
: ---
Assigned To: Jakub Jelen
BaseOS QE Security Team
:
Depends On: 1270925
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-12 13:16 EDT by Stanislav Zidek
Modified: 2015-11-11 04:28 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1270925
Environment:
Last Closed: 2015-11-11 04:28:07 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stanislav Zidek 2015-10-12 13:16:02 EDT
+++ This bug was initially created as a clone of Bug #1270925 +++

Description of problem:

I have just updated our options test and found out that there are still some options/directives not dumped by sshd -T, namely:
allowgroups
allowusers
authorizedkeyscommand
authorizedkeyscommandrunas
authorizedprincipalsfile
chrootdirectory
denygroups
denyusers
forcecommand
hostcertificate
kerberosgetafstoken
match
requiredauthentications
revokedkeys
trustedusercakeys

("match" is probably not a problem)

Version-Release number of selected component (if applicable):
openssh-5.3p1-111.el6

How reproducible:
always

Steps to Reproduce:
1. install clean machine with openssh-server
2. sshd -T |grep DESIRED_OPTION

Actual results:
nothing

Expected results:
DESIRED_OPTION default_value
Comment 1 Jakub Jelen 2015-11-04 10:53:40 EST
(In reply to Stanislav Zidek from comment #0)
> allowgroups
> allowusers
> denygroups
> denyusers
This would work, since it doesn't require any argument, if I am right

> authorizedkeyscommand
> authorizedkeyscommandrunas
> authorizedprincipalsfile
> chrootdirectory
> forcecommand
> hostcertificate
> kerberosgetafstoken
> requiredauthentications
> revokedkeys
> trustedusercakeys
These should have default "none" written out. For most of them, there are filled upstream bugs, but I belive, this is really low priority, since we can get usable config now (note, that we will also get these, if they are in the source config).

> match
this doesn't make sense, since it is not standalone option.
Comment 2 RHEL Product and Program Management 2015-11-11 04:28:07 EST
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.

Note You need to log in before you can comment on or make changes to this bug.