[Bug 3558] New: Spelling "yes" as "Yes" in sshd_config has a fatal result

Mon Apr 3 20:09:20 AEST 2023

https://bugzilla.mindrot.org/show_bug.cgi?id=3558

            Bug ID: 3558
           Summary: Spelling "yes" as "Yes" in sshd_config has a fatal
                    result
           Product: Portable OpenSSH
           Version: 7.2p2
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: Ulrich.Windl at rz.uni-regensburg.de

Being logged in via SSH I changed an option in sshd_config from "no" to
"Yes". Then I used "sytemctl reload sshd.service", and it ws the last
command I could execute; specifically I was no longer able to connect
via SSH.
As it turned out, sshd died on reload because of the misspelled option
like this:
/etc/ssh/sshd_config line 77: Bad yes/no argument: Yes

And as a consequence sshd died. Any attempt to restart it failed again.

I'm not discussing whether "yes" should be allowed for "yes", but
whether it's OK for sshd to terminate on reload if one single option
was found invalid.
Wouldn't it make much more sense to ignore that option (i.e. ignore the
change) while continuing to run?  I think bind did that for ages.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.