PubkeyAcceptedKeyTypes with + in Match block not working correctly.
Damien Miller
djm at mindrot.org
Tue Feb 9 22:07:10 AEDT 2016
On Tue, 8 Feb 2016, Andy Bradford wrote:
> Hello,
>
> I notice that if I configure sshd_config with:
>
> PubkeyAcceptedKeyTypes +ssh-dss
>
> Everything works as expected and the algorithm is appended to the
> default list, but if I place that same option in a Match block it does
> not extend the setting, but instead replaces it with a literal string of
> ``+ssh-dss'' which effectively disables all algorithms.
This was fixed in commit ed08510d38 and will be in openssh-7.2, which
is due real soon now (~weeks).
https://anongit.mindrot.org/openssh.git/commit/?id=ed08510d38
-d
More information about the openssh-unix-dev
mailing list