sshd -T does not work with Match

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Miroslav Lachman <000.fbsd_at_quip.cz>
Date: Fri, 05 Nov 2021 17:21:36 UTC

I don't know if this should be considered as bug or "just changed behavior".
sshd -T works in FreeBSD 11.4 (OpenSSH_7.5) and prints details about 
current configuration but it does not work with the same configuration 
file in FreeBSD 12.2 (OpenSSH_7.9).

# sshd -T
'Match Group' in configuration but 'user' not in connection test 
specification.

Once I have any "Match" in sshd_config then sshd -T does not work. It 
needs additional -C user=fakeuser to print configuration. (I just needed 
to view supported ciphers)

You can try it with default sshd_config and add something like this:

Match group sftponly
         ChrootDirectory %h

...or just ucomment section "Match User anoncvs".

I think sshd -T should still work without -C as it was in older versions 
and print configuration for any non-matched criteria.

Kind reagards
Miroslav Lachman