Bug #26499: Standard Rudder technique “SSH server (OpenSSH)” breaks SSH server if Match blocks exists in sshd_config - Rudder - Issue Tracker

Actions

Copy link

Bug #26499

open

Standard Rudder technique “SSH server (OpenSSH)” breaks SSH server if Match blocks exists in sshd_config

Added by Michel BOUISSOU 3 days ago. Updated 3 days ago.

Status:

New

Priority:

To review

Assignee:

Category:

Techniques

Target version:

8.2.6

Pull Request:

Severity:

Major - prevents use of part of Rudder | no simple workaround

UX impact:

User visibility:

Operational - other Techniques | Rudder settings | Plugins

Effort required:

Priority:

Name check:

To do

Fix check:

To do

Regression:

Description

sshd_config can end with Match blocks such as :

# Additional Match Blocks
Match User john,susie,jane,tom
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY yes

Such blocks do not “end” unless another such block begins.

Rudder standard technique “SSH server (OpenSSH)” appends defined global parameters at the end of the sshd_config file.

This causes the sshd daemon to fail restarting, as it considers this global parameters to be part of the previous “Match” block, which make the configuration invalid.

Actions

Copy link

Updated by Michel BOUISSOU 3 days ago

By the way this is contrary to “man sshd_config(5)” that states that global parameters after match blocks should make the server consider that the block ended.

But it doesn't work and practically speaking in such cases, th sshd daemon just fails starting.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #26499

Standard Rudder technique “SSH server (OpenSSH)” breaks SSH server if Match blocks exists in sshd_config

Updated by Michel BOUISSOU 3 days ago