[Bug 2653] New: Including files without read access in ssh configuration fails without error
bugzilla-daemon at bugzilla.mindrot.org
Tue Dec 27 09:41:30 AEDT 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2653
Bug ID: 2653
Summary: Including files without read access in ssh
configuration fails without error
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Created attachment 2920
--> https://bugzilla.mindrot.org/attachment.cgi?id=2920&action=edit
proposed patch
When one is using the Include directive in ssh_config and the file is not
readable for a user running ssh, it fails without a reasonable error
message:

  /etc/ssh/ssh_config: terminating, 1 bad configuration options

It is pretty hard to get, especially when the include works on the
whole drop-in directory, such as:

  Include /etc/ssh/ssh_config.d/*.conf

Only log level DEBUG3 shows some pointer to where it comes from:

  debug3: /etc/ssh/ssh_config line 56: Including file /etc/ssh/ssh_config.d/10-kex.conf depth 0
  /etc/ssh/ssh_config: terminating, 1 bad configuration options

We already ignore failures if the included file does not exist. If it
exists and we don't have permissions to read it, we should either get
a better error or ignore it too (as we already do in case of standard
configuration files).

This is not a problem when reading the configuration files directly,
because the return value of the call to read_config_file() is ignored
in ssh.c (honored only in case of the -F switch).

A possible solution to resolve this issue, to report the read error but
ignore it for the include files, is to introduce a new flag (see attached
patch, which fixes the problem for me).

This was originally reported in Red Hat bugzilla [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1408558
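An added example, not part of the original report and not OpenSSH code: a pre-flight check that expands the Include patterns in a client configuration and lists files that exist but cannot be read, which is the case the report says surfaces only at DEBUG3. The function names, the `base_dir` parameter (standing in for /etc/ssh or ~/.ssh when resolving relative patterns) and the sample tree built in `demo()` are assumptions constructed for illustration.

```python
import glob
import os
import re
import shlex
import tempfile

INCLUDE_RE = re.compile(r"^\s*include(?:\s*=\s*|\s+)(.+)$", re.IGNORECASE)

def included_files(config_path, base_dir):
    """Yield (line_no, path) for each existing file an Include line matches."""
    with open(config_path, encoding="utf-8") as fh:
        for line_no, raw in enumerate(fh, 1):
            m = INCLUDE_RE.match(raw.strip())
            if not m:
                continue
            for pattern in shlex.split(m.group(1), comments=True):
                pattern = os.path.expanduser(pattern)
                if not os.path.isabs(pattern):
                    # ssh resolves relative includes against ~/.ssh or /etc/ssh
                    pattern = os.path.join(base_dir, pattern)
                # glob returns only existing paths, so missing files are skipped
                for path in sorted(glob.glob(pattern)):
                    yield line_no, path

def os_can_read(path):
    return os.access(path, os.R_OK)

def unreadable_includes(config_path, base_dir, can_read=os_can_read):
    """Return (line_no, path) for included files the caller cannot read."""
    return [(n, p) for n, p in included_files(config_path, base_dir)
            if os.path.isfile(p) and not can_read(p)]

def demo():
    """Build a constructed drop-in directory and report the unreadable file."""
    with tempfile.TemporaryDirectory() as root:
        dropin = os.path.join(root, "ssh_config.d")
        os.mkdir(dropin)
        for name, mode in (("05-hosts.conf", 0o644), ("10-kex.conf", 0o000)):
            path = os.path.join(dropin, name)
            with open(path, "w") as fh:
                fh.write("# constructed sample\n")
            os.chmod(path, mode)
        cfg = os.path.join(root, "ssh_config")
        with open(cfg, "w") as fh:
            fh.write("Host *\nInclude ssh_config.d/*.conf\nInclude missing.conf\n")
        # Mode-bit check keeps the demo result identical when run as root.
        has_read_bit = lambda p: bool(os.stat(p).st_mode & 0o444)
        return [(n, os.path.basename(p))
                for n, p in unreadable_includes(cfg, root, has_read_bit)]

if __name__ == "__main__":
    print(demo())
```

Against a real system, call `unreadable_includes("/etc/ssh/ssh_config", "/etc/ssh")` as the user who will run ssh; the default check uses `os.access`, so it reflects that user's permissions.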