ssh_config: Match exec broken

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

ssh_config: Match exec broken

Klemens Nanni-2
Just upgraded the latest snapshot

OpenBSD 6.3-beta (GENERIC.MP) #25: Fri Mar  2 14:41:23 MST 2018

The following ssh_config(5) snippet is now broken:

        Match exec "echo %n | grep -qxE 'some|nifty|regex'"
                Include some/config

        $ ssh some_host
        Unsupported Match attribute echo
        /home/kn/.ssh/config line 42: Bad Match condition

Reverting the following commit fixes this and I can connect again
regardless of matching:

        revision 1.124
        date: 2018/03/02 03:02:11;  author: djm;  state: Exp;  lines: +19 -8;  commitid: nNRsCijZiGG6SUTT;
        Allow escaped quotes \" and \' in ssh_config and sshd_config quotes
        option strings. bz#1596 ok markus@

Reply | Threaded
Open this post in threaded view
|

Re: ssh_config: Match exec broken

Stuart Henderson
On 2018/03/03 04:52, Klemens Nanni wrote:

> Just upgraded the latest snapshot
>
> OpenBSD 6.3-beta (GENERIC.MP) #25: Fri Mar  2 14:41:23 MST 2018
>
> The following ssh_config(5) snippet is now broken:
>
> Match exec "echo %n | grep -qxE 'some|nifty|regex'"
>        Include some/config
>
> $ ssh some_host
> Unsupported Match attribute echo
> /home/kn/.ssh/config line 42: Bad Match condition
>
> Reverting the following commit fixes this and I can connect again
> regardless of matching:
>
> revision 1.124
> date: 2018/03/02 03:02:11;  author: djm;  state: Exp;  lines: +19 -8;  commitid: nNRsCijZiGG6SUTT;
> Allow escaped quotes \" and \' in ssh_config and sshd_config quotes
> option strings. bz#1596 ok markus@
>

Related, I have a bunch of machines with address match lines including quotes:

Match Address "192.168.0.0/16,2001:xxx:xxxx::/48"

It seems this wasn't required before (for some reason I thought it was), but
it was accepted - this now prevents sshd startup until the "s are removed.

Fortunately I discovered this on a machine where I have serial console :-)

Reply | Threaded
Open this post in threaded view
|

Re: ssh_config: Match exec broken

Damien Miller
I've reverted it

On Wed, 7 Mar 2018, Stuart Henderson wrote:

> On 2018/03/03 04:52, Klemens Nanni wrote:
> > Just upgraded the latest snapshot
> >
> > OpenBSD 6.3-beta (GENERIC.MP) #25: Fri Mar  2 14:41:23 MST 2018
> >
> > The following ssh_config(5) snippet is now broken:
> >
> > Match exec "echo %n | grep -qxE 'some|nifty|regex'"
> >        Include some/config
> >
> > $ ssh some_host
> > Unsupported Match attribute echo
> > /home/kn/.ssh/config line 42: Bad Match condition
> >
> > Reverting the following commit fixes this and I can connect again
> > regardless of matching:
> >
> > revision 1.124
> > date: 2018/03/02 03:02:11;  author: djm;  state: Exp;  lines: +19 -8;  commitid: nNRsCijZiGG6SUTT;
> > Allow escaped quotes \" and \' in ssh_config and sshd_config quotes
> > option strings. bz#1596 ok markus@
> >
>
> Related, I have a bunch of machines with address match lines including quotes:
>
> Match Address "192.168.0.0/16,2001:xxx:xxxx::/48"
>
> It seems this wasn't required before (for some reason I thought it was), but
> it was accepted - this now prevents sshd startup until the "s are removed.
>
> Fortunately I discovered this on a machine where I have serial console :-)
>

Reply | Threaded
Open this post in threaded view
|

Re: ssh_config: Match exec broken

Stuart Henderson
On 2018/03/08 10:47, Damien Miller wrote:
> I've reverted it

Thank you.