Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-150365

sshd doesn't always consider the first property only when a property is defined multiple times

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • rhel-10.1, rhel-9.7
    • openssh
    • No
    • Moderate
    • Customer Facing, Customer Reported
    • rhel-security-crypto-diamonds
    • 0
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      A customer reported some discrepancies when configuring a property multiple times: sometimes only the first property value is considered, sometimg it's the last property value.
      From my latest testing (see the comment), MaxStartups, PerSourceMaxStartups, PerSourceNetBlockSize and IPQoS are affected.

      Upstream is behaving correctly.

      What is the impact of this issue to you?

      Potential compliance issues

      Please provide the package NVR for which the bug is seen:

      openssh-server-8.7p1-46.el9
      openssh-server-9.9p1-12.el10_1

      How reproducible is this bug?

      Always

      Steps to reproduce

      1. Create 2 snippets for MaxStartups 
        # echo "MaxStartups 11:11:11" > /etc/ssh/sshd_config.d/11.conf
# echo "MaxStartups 12:12:12" > /etc/ssh/sshd_config.d/12.conf
      2. Check what is used by sshd

      Expected results

      # /usr/sbin/sshd -T -f /etc/ssh/sshd_config | grep -iw "maxstartups"
maxstartups 12:12:12

      Actual results

      # /usr/sbin/sshd -T -f /etc/ssh/sshd_config | grep -iw "maxstartups"
maxstartups 11:11:11

        1. repro.tar
          10 kB

              dbelyavs@redhat.com Dmitry Belyavskiy
              rhn-support-rmetrich Renaud Métrich
              Dmitry Belyavskiy Dmitry Belyavskiy
              Miluse Bezo Konecna Miluse Bezo Konecna
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: