Bug 1624425 - libssh-0.8.1-4 fails to parse "Match" directive in SSH configuration: "ERROR - unimplemented opcode: 1"
Summary: libssh-0.8.1-4 fails to parse "Match" directive in SSH configuration: "ERROR ...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: libssh
Version: 28
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Jakub Jelen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-08-31 14:20 UTC by Steven Bakker
Modified: 2018-10-08 11:01 UTC (History)
6 users (show)

Fixed In Version: libssh-0.8.3-3.fc28
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-08 11:01:24 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Steven Bakker 2018-08-31 14:20:14 UTC 
Description of problem:

My SSH configuration (~/.ssh/config) contains a few "Match" directives for certain hosts:

    Match host myhost exec "ip route show|grep ' via 192.168.192.1 '"
        HostName myhost.home-lan

    Match host myhost
        HostName myhost.my.domain

Version 0.7.5-7 of libssh parsed this correctly, version 0.8.1-4 fails with:

    ERROR - unimplemented opcode: 1

This is especially annoying since I use "yafc", which uses libssh.

Version-Release number of selected component (if applicable):

    0.8.1-4

How reproducible:

Always. Any "Match" entry in the SSH configuration will produce this error.

Steps to Reproduce:

1. Edit ~/.ssh/config to add a "Match host foo" line (doesn't matter where).

2. Start "yafc":

    yafc sftp://demo-user:demo-user.com:2222

Actual results:

    yafc 1.3.5
    This program comes with ABSOLUTELY NO WARRANTY; for details type 'warranty'.
    This is free software; type 'copyright' for details.

    Failed to parse ssh config: ERROR - unimplemented opcode: 1
    yafc> 

Expected results:

    yafc 1.3.5
    This program comes with ABSOLUTELY NO WARRANTY; for details type 'warranty'.
    This is free software; type 'copyright' for details.

    remote system: SSH (version 2)    
    yafc demo-user.com:/> 

Additional info:

Works fine with libssh version 0.7.5-7.

Other clients using SSH do not have this problem, such as "ssh", "sftp", "lftp", but none of them use libssh. The "curl" program is linked to libssh, but it apparently doesn't parse the SSH configuration file.
Comment 1 Andreas Schneider 2018-09-03 14:21:06 UTC 
Jakub, could you look into that?
Comment 2 Jakub Jelen 2018-09-03 15:42:23 UTC 
This seems like the Match keyword is not very common in the client configuration. You can rewrite the simple case using the Host keyword, which works fine with libssh. Unfortunately, there is no workaround for the more complicated example you provided.

In the past, the unknown option was ignored, but recently (almost a year ago), I added most of the missing options, based on Aris commit, but it was somehow left unhandled.

I will have a look into that. Sipmle workaround is to add this opcode to ignored, better is to implement the actual matching, which will have to happen sooner or later anyway.
Comment 3 Jakub Jelen 2018-09-04 17:34:56 UTC 
I just implemented the minimal parsing of the Match keyword, which just accepts the simple options (all, host, user and negated variants) and ignores the rest with silent warning:

https://gitlab.com/jjelen/libssh-mirror/tree/config-match

Lets wait for the CI to complete and I will propose the change upstream so we can fix this with a next update.
Comment 4 Steven Bakker 2018-09-05 15:46:24 UTC 
Nice one, thanks!
Comment 5 Andreas Schneider 2018-10-08 11:01:24 UTC 
This is fixed with libssh 0.8.3.
Note You need to log in before you can comment on or make changes to this bug.