[Bug 3685] Putting `RevokedKeys none` inside a `Match` block causes SSHD to try to load a file named 'none'
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Mar 6 05:03:52 AEDT 2026
https://bugzilla.mindrot.org/show_bug.cgi?id=3685
shaftoe at dnb.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |shaftoe at dnb.com
--- Comment #1 from shaftoe at dnb.com ---
This is also true for AuthorizedPrincipalsCommand and
AuthorizedPrincipalsCommandUser inside a Match block.
sshd returns an error that "none" is not an absolute path, as though it
is trying to use "none" as a command. It also notes that it cannot find
a user named "none".
I have only tested this in the context where those two lines are set
globally, and I am attempting to override the global values back to
their defaults for one group.
sshd -T -C "user=<myuser>" returns "none" for both lines.
Overriding them in the match block to actual values works, just not to
"none".
Confirmed with:
OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
OpenSSH_8.7p1, OpenSSL 3.5.1 1 Jul 2025
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list