sshd -p option vs ListenAddress

Roumen Petrov openssh at roumenpetrov.info
Thu Dec 15 09:55:17 EST 2005 

Chris Lightfoot wrote:
> On Wed, Dec 14, 2005 at 02:25:15PM +0100, Peter Stuge wrote:
> 
>>On Wed, Dec 14, 2005 at 12:48:49PM +0000, Chris Lightfoot wrote:
>>
>>>>Two different options (Port and ListenAddress) that control the same
>>>>thing are bound to be at least a little bit confusing.
>>>>
>>>>Although sshd_config(5) is somewhat helpful, it doesn't clearly say
>>>>that ListenAddress has priority over Port, at least with a
>>>>ListenAddress on host 0.

quote form sshd_config(5):
=================================================
...
ListenAddress
              Specifies the local addresses sshd should listen on.  The follow-
              ing forms may be used:

                    ListenAddress host|IPv4_addr|IPv6_addr
                    ListenAddress host|IPv4_addr:port
                    ListenAddress [host|IPv6_addr]:port

              If port is not specified, sshd will listen on the address and all
                 ^^^^    ^^^                      ^^^^^^^^^                 ^^^
              prior Port options specified.  The default is to listen on all
              ^^^^^^^^^^         ^^^^^^^^^
              local addresses.  Multiple ListenAddress options are permitted.
              Additionally, any Port options must precede this option for non
                            ^^^^^^^^         ^^^^^^^^^^^^                 ^^^
              port qualified addresses.
              ^^^^^^^^^^^^^^

=================================================

Is manual page clear or not ?


>>>
>>>No -- it's in the case where all ListenAddress directives
>>>specify a port, rather than where all specify host = 0.
>>
>>Quite right, of course.
>>
>>Is this a bug in code or documentation?
> 
> 
> Well, if we treat it as a bug in documentation, it's
> easier to fix :-)
> 
> That said, it'd be preferable to fix it in the code, since
> that'd make the command-line more useful. One option
> (still a bit confusing, but closer to the internal data
> model) would be to have an analogous -a option to specify
> a ListenAddress, replacing any already-defined
> ListenAddress in the same way that -p replaces any
> already-defined Port.

Be carefull. Rule is do not override already specified options.
Note that -p don't replace any "already-defined Port" !
Also note that sshd accept multiple Port and ListenAddress.

Sample:
.../sshd -f /dev/null \
   -o Port=1234 -p 2345 -o ListenAddress=127.2.2.2 \
   -p 3456 -o ListenAddress=127.3.3.3 \
   -o ListenAddress=127.1.1.1:4567 \
   -D -e -d

Sshd work as is described in manual page.
Chris, could you specify a test case that show bug in manuals or daemon ?


Regards,
Roumen

More information about the openssh-unix-dev mailing list