Hello,
I use ListenAddress to limit ssh access to an address. After upgrading to ‘25.04.1’ I got a failed to start error on the ssh service.
I’m not sure if this was the case on 25.04.0 (I assume not), but they added Match User "username" directives before ‘Auxiliary Parameters’ are added. Therefore its adding configuration to the last users match directive.
I’m not sure if this is by design, but it means someone could unknowningly change config for a single user.
I worked around this my adding a match directive:
Match All
ListenAddress X.X.X.X
Hope this help anyone else. If this is not by design, I can submit a bug report.
Anything in the release notes about a change to ssh/secpol stuff?
This was a change in response to NAS-135367 which was a ticket filed because a different user’s auxiliary parameters were broken. I think probably the auxiliary parameters “model” for doing this (inserting free-form text into arbitrary places in the config file) is not supportable.
If you need a SSH feature exposed (especially security-related ones), then file feature requests.
Understood, I think wether “Auxiliary Parameters” features are unsupportable is above my pay grade, all I can say is I use it.
Looking at the sshd_config file, any extra config might need to be added before the match directives, that would make it workable or just going with the Match All Directive. But I do think config being added to the last match is a little bug?
