On Tue, Aug 11, 2009 at 12:20 +0200, Julien Valroff wrote:
> On Tuesday, 11 August 2009 at 11:05 +0200, Bernd 'Siggy' Brentrup wrote:
> > Hi,
> >
> > when looking into this bug I noticed you mention a bogus test:
> >
> > permitrootlogin=`cat ${I}/sshd_config | grep "PermitRootLogin" | grep -v "#"`
> >
> > Try the following:
> > % grep "PermitRootLogin" | grep -v '#' <<EOF
> > PermitRootLogin no
> > # PermitRootLogin yes
> > PermitRootLogin yes # Allow root to login remotely
> > EOF
> > PermitRootLogin no
> > %
> >
> > IIRC sshd uses the last occurrence of an option if it is given
> > multiple times.
> >
> > I'd suggest you change your test to
> > % (cut -d'#' -f 1 | grep PermitRootLogin) <<EOF
> > PermitRootLogin no
> > # PermitRootLogin yes
> > PermitRootLogin yes # Allow root to login remotely
> > EOF
> > PermitRootLogin no
> > PermitRootLogin yes
> > %
> >
>
> You are right, and this was already fixed in the latest release.
> The code is now:
> grep -i '^PermitRootLogin[ =]' ${SSH_CONFIG_FILE} | tail -1
>
> Which detects the last option only.

Sorry to say this is still wrong, options are not required to start at
the beginning of a line, think of Match blocks where they are usually
indented for better readability.

IMHO you need a config file parser to analyze sshd_config.

Regards
  Siggy
-- 
bsb-at-psycho-dot-informationsanarchistik-dot-de
or: bsb-at-psycho-dot-i21k-dot-de
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
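
A small parser of the kind the last message asks for, as an added example that is not code from the thread or from the tool under discussion. It strips comments and indentation, matches the keyword case-insensitively, and reports the setting separately for the global section and for each Match block; following sshd_config(5), which states that the first obtained value of a keyword is used, it prints the first active setting per scope. The names `sshd_option` and `sample_config` and the Match block in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: the three lines from the thread plus an indented
# Match block (the Match lines are an assumption, not from the thread).
sample_config() {
    cat <<'EOF'
PermitRootLogin no
# PermitRootLogin yes
PermitRootLogin yes # Allow root to login remotely
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
EOF
}

# sshd_option FILE KEYWORD (hypothetical helper)
# Prints "<scope>: <value>" for the first active setting of KEYWORD in the
# global section and in each Match block.
sshd_option() {
    awk -v want="$2" '
    BEGIN { want = tolower(want); scope = "global" }
    {
        sub(/\r$/, "")
        sub(/^[ \t]+/, "")                  # options may be indented
        if ($0 == "" || $0 ~ /^#/) next     # blank or comment-only line
        n = match($0, /[ \t=]/)             # keyword ends at blank or "="
        if (n == 0) next
        key = tolower(substr($0, 1, n - 1)) # keywords are case-insensitive
        val = substr($0, n)
        sub(/^[ \t]*=?[ \t]*/, "", val)     # drop the separator
        sub(/[ \t]+#.*$/, "", val)          # trailing comment, as in the sample
        sub(/[ \t]+$/, "", val)
        if (key == "match") { scope = "match " val; next }
        if (key == want && !(scope in seen)) {
            seen[scope] = 1
            print scope ": " val
        }
    }' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_config > "$tmp"
sshd_option "$tmp" PermitRootLogin
rm -f "$tmp"
```

On a host where sshd is installed, `sshd -T` prints the effective configuration as parsed by sshd itself and can be used to cross-check the result.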