PubkeyAcceptedKeyTypes with + in Match block not working correctly.

Damien Miller djm at mindrot.org
Tue Feb 9 22:07:10 AEDT 2016


On Tue, 8 Feb 2016, Andy Bradford wrote:

> Hello,
> 
> I notice that if I configure sshd_config with:
> 
> PubkeyAcceptedKeyTypes +ssh-dss
> 
> Everything  works as  expected  and  the algorithm  is  appended to  the
> default list, but if  I place that same option in a  Match block it does
> not extend the setting, but instead replaces it with a literal string of
> ``+ssh-dss'' which effectively disables all algorithms.

This was fixed in commit ed08510d38 and will be in openssh-7.2, which
is due real soon now (~weeks).

https://anongit.mindrot.org/openssh.git/commit/?id=ed08510d38

-d


More information about the openssh-unix-dev mailing list