Page MenuHomePhabricator

ssh_options_parse_config() does not parse the Match 'final' keyword
Closed, ResolvedPublic

Description

Description from the ssh_config(5) man page:

Match   [...]

        The final keyword requests that the configuration be re-
        parsed (regardless of whether CanonicalizeHostname is
        enabled), and matches only during this final pass.  If
        CanonicalizeHostname is enabled, then canonical and final
        match during the same pass.

The error returned is {error_code = 2, error_buffer = "ERROR - Unknown argument 'final' for Match keyword"}

Host: Fedora 29 x86_64

Content of /etc/ssh/ssh_config.d/05-redhat.conf:

# The options here are in the "Match final block" to be applied as the last
# options and could be potentially overwritten by the user configuration
Match final all
        # Follow system-wide Crypto Policy, if defined:
        Include /etc/crypto-policies/back-ends/openssh.config

        GSSAPIAuthentication yes

# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
        ForwardX11Trusted yes

# Send locale-related environment variables
        SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
        SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
        SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
        SendEnv XMODIFIERS

# Uncomment this if you want to use .local domain
# Host *.local

Event Timeline

philmd created this task.Jun 20 2019, 12:14 PM
philmd renamed this task from ssh_options_parse_config() does not parse the 'Include' keyword to ssh_options_parse_config() does not parse the Match 'final' keyword.Jun 20 2019, 12:22 PM
philmd updated the task description. (Show Details)
Jakuje added a subscriber: Jakuje.Mon, Jun 24, 11:31 AM

This is already available in master (e989c4afffa154d92fe8c4ae1716ecc6bb4c2fd5) and will be in 0.9. Unfortunately, this did not got updated in Fedora as we updated the default configuration file so I would propose to wait few days for the updated libssh or fill a fedora bug.

asn closed this task as Resolved.Fri, Jul 12, 1:04 PM
asn claimed this task.
asn added a subscriber: asn.

libssh 0.9.0 has been released. Closing.