260265 – sshd -T does not work with Match, shows empty result [regression 7.2p1-7.9p1]

Bug 260265 - sshd -T does not work with Match, shows empty result [regression 7.2p1-7.9p1]

Summary: sshd -T does not work with Match, shows empty result [regression 7.2p1-7.9p1]

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	12.2-RELEASE
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-12-07 11:20 UTC by Miroslav Lachman
Modified:	2022-10-16 20:23 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Miroslav Lachman 2021-12-07 11:20:15 UTC

I don't know if this should be considered as bug or "just changed behavior" but it is annoying.
sshd -T works in FreeBSD 11.4 (OpenSSH_7.5) and prints details about current configuration but it does not work with the same configuration file in FreeBSD 12.2 (OpenSSH_7.9).

# sshd -T
'Match Group' in configuration but 'user' not in connection test specification.

Once I have any "Match" in sshd_config then sshd -T does not work. It needs additional -C user=fakeuser to print configuration. (I just needed to view supported ciphers)

You can try it with default sshd_config and add something like this:

Match group sftponly
        ChrootDirectory %h

...or just ucomment the section "Match User anoncvs".

I think sshd -T should still work without -C as it was in older versions and print configuration for any non-matched criteria.

Comment 1 Miroslav Lachman 2022-10-16 20:23:00 UTC

Any progress on this annoying regression?