Bug 190030 - Minor inconsistency in sshd_config-file
Minor inconsistency in sshd_config-file
Product: Fedora Legacy
Classification: Retired
Component: openssh (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Fedora Legacy Bugs
Depends On:
  Show dependency treegraph
Reported: 2006-04-26 16:06 EDT by Stefan Neufeind
Modified: 2007-04-18 13:42 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-04-26 18:30:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Stefan Neufeind 2006-04-26 16:06:04 EDT
Minor bug in ssh/sshd_config of openssh-server-3.9p1-8.0.4.legacy:

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

should surely be:
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials no
GSSAPICleanupCredentials yes

(second last line needs a "no" to be consistent)
Comment 1 Marc Deslauriers 2006-04-26 16:43:45 EDT
To be consistent with what?

The commented options are the default values the openssh daemon uses if it
doesn't find the item in the config file. Are you saying the openssh daemon sets
GSSAPICleanupCredentials to no when the option is not present in the config file?
Comment 2 Stefan Neufeind 2006-04-26 16:50:45 EDT
There is one line with comment, below one without - I guess for you to easily
"switch" those two lines. The latest two lines however are the same (both yes).
So either maybe we drop the duplicate lines or at least make the commented out
pairs "the same" (one no, one yes).

Or am I wrong?
Comment 3 Marc Deslauriers 2006-04-26 17:00:55 EDT
They aren't there to be able to "switch" between them. From the top of the
config file:

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

The option that's commented out tells us what the daemon's default value is if
the config item is not present in the config file. The option that's active
overrides the default value.

In other words, GSSAPICleanupCredentials is set to "yes" by default. It is also
set to "yes" by the uncommented line of the config file.

GSSAPIAuthentication is set to "no" by default when the daemon starts up, but
it's overridden to "yes" because of the uncommented line in the config file.

Note You need to log in before you can comment on or make changes to this bug.