Red Hat Bugzilla – Bug 190030
Minor inconsistency in sshd_config-file
Last modified: 2007-04-18 13:42:06 EDT
Minor bug in ssh/sshd_config of openssh-server-3.9p1-8.0.4.legacy:
# GSSAPI options
should surely be:
(second last line needs a "no" to be consistent)
To be consistent with what?
The commented options are the default values the openssh daemon uses if it
doesn't find the item in the config file. Are you saying the openssh daemon sets
GSSAPICleanupCredentials to no when the option is not present in the config file?
There is one line with comment, below one without - I guess for you to easily
"switch" those two lines. The latest two lines however are the same (both yes).
So either maybe we drop the duplicate lines or at least make the commented out
pairs "the same" (one no, one yes).
Or am I wrong?
They aren't there to be able to "switch" between them. From the top of the
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
The option that's commented out tells us what the daemon's default value is if
the config item is not present in the config file. The option that's active
overrides the default value.
In other words, GSSAPICleanupCredentials is set to "yes" by default. It is also
set to "yes" by the uncommented line of the config file.
GSSAPIAuthentication is set to "no" by default when the daemon starts up, but
it's overridden to "yes" because of the uncommented line in the config file.