>Synopsis: SSH_CONFIG(5) mistakenly claims that the keyword "HostbasedKeyTypes"
>has been replaced with the keyword "HostbasedAcceptedAlgorithms".
>Category: ssh ssh_config
>Environment:
System : OpenBSD 6.9
Details : OpenBSD 6.9 (GENERIC.MP) #473: Mon Apr 19 10:40:28 MDT
2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
Changing the keyword "HostbasedKeyTypes" to "HostbasedAcceptedAlgorithms" per
SSH_CONFIG(5) causes a config file error; however retaining the old keyword
does not cause this error. ssh -Q HostbasedAcceptedAlgorithms does work
correctly though (as does ssh -Q HostbasedKeyTypes). According to the release
notes, this keyword change happened in both SSH_CONFIG(5) and SSHD_CONFIG(5) so
that they had consistent keywords. When changing "HostbasedAcceptedKeyTypes" to
"HostbasedAcceptedAlgorithms" in /etc/ssh/sshd_config, I do not get a config
file like I do in /etc/ssh/ssh_config.
>How-To-Repeat:
cat -n /etc/ssh/ssh_config
1 Host *
2 # AddKeysToAgent no
3 # AddressFamily any
4 # BatchMode no
5 # BindAddress
6 # BindInterface
7 # CanonicalDomains
8 # CanonicalizeFallbackLocal yes
9 # CanonicalizeHostname no
10 # CanonicalizeMaxDots 1
11 # CanonicalizePermittedCNAMEs
12 CASignatureAlgorithms ssh-ed25519,sk-ssh-ed25...@openssh.com
13 # CertificateFile
14 ChallengeResponseAuthentication no
15 CheckHostIP yes
16 Ciphers chacha20-poly1...@openssh.com
17 # ClearAllForwardings no
18 Compression yes
19 # ConnectionAttempts 1
20 ConnectTimeout 30
21 # ControlMaster no
22 # ControlPath
23 # ControlPersist no
24 # DynamicForward
25 # EnableSSHKeysign no
26 # EscapeChar '~'
27 # ExitOnForwardFailure no
28 # FingerprintHash sha256
29 # ForwardAgent no
30 # ForwardX11 no
31 # ForwardX11Timeout 20m
32 # ForwardX11Trusted no
33 # GatewayPorts no
34 GlobalKnownHostsFile /etc/ssh/ssh_known_hosts
35 # GSSAPIAuthentication no
36 # GSSAPIDelegateCredentials no
37 # HashKnownHosts no
38 HostbasedAcceptedAlgorithms ssh-ed25519
39 # HostbasedAuthentication no
40 HostKeyAlgorithms ssh-ed25519
41 # HostKeyAlias
42 # Hostname
43 # IdentitiesOnly no
44 # IdentityAgent
45 IdentityFile ~/.ssh/id_ed25519
46 # IgnoreUnknown
47 # Include
48 # IPQoS af21 cs1
49 # KbdInteractiveAuthentication no
50 # KbdInteractiveDevices
51 KexAlgorithms curve25519-sha256
52 # KnownHostsCommand
53 # LocalCommand
54 # LocalForward
55 # LogLevel INFO
56 # LogVerbose
57 MACs umac-128-...@openssh.com
58 # NoHostAuthenticationForLocalhost no
59 # NumberOfPasswordPrompts 3
60 # PasswordAuthentication no
61 # PermitLocalCommand no
62 # PermitRemoteOpen
63 # PKCS11Provider none
64 # Port 22
65 PreferredAuthentications publickey
66 # ProxyCommand
67 # ProxyJump
68 # ProxyUseFdpass no
69 PubkeyAcceptedAlgorithms ssh-ed25519
70 # PubkeyAuthentication yes
71 # RekeyLimit default none
72 # RemoteCommand
73 # RemoteForward
74 # RequestTTY
75 # RevokedHostKeys
76 # SecurityKeyProvider
77 # SendEnv
78 # ServerAliveCountMax 3
79 # ServerAliveInterval 0
80 # SetEnv
81 # StreamLocalBindMask 0177
82 # StreamLocalBindUnlink no
83 StrictHostKeyChecking yes
84 # SyslogFacility USER
85 # TCPKeepAlive yes
86 # Tunnel no
87 # TunnelDevice any:any
88 UpdateHostKeys no
89 User zack
90 UserKnownHostsFile ~/.ssh/known_hosts
91 # VerifyHostKeyDNS no
92 # VisualHostKey no
93 # XAuthLocation /usr/X11R6/bin/xauth
ssh -F /etc/ssh/ssh_config this.will.error
/etc/ssh/ssh_config: line 38: Bad configuration option:
hostbasedacceptedalgorithms
/etc/ssh/ssh_config: terminating, 1 bad configuration options
>Fix:
Either make ssh recognize the "HostbasedAcceptedAlgorithms" keyword or change
SSH_CONFIG(5) so that keyword is reverted back to "HostbasedKeyTypes".
dmesg:
OpenBSD 6.9 (GENERIC.MP) #473: Mon Apr 19 10:40:28 MDT 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 6425542656 (6127MB)
avail mem = 6215430144 (5927MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf6250 (12 entries)
bios0: vendor SeaBIOS version "Ubuntu-1.8.2-1ubuntu1.1" date 04/01/2014
bios0: QEMU Standard PC (i440FX + PIIX, 1996)
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HPET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel Xeon E312xx (Sandy Bridge), 3400.54 MHz, 06-2a-01
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,VMX,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,HV,NXE,RDTSCP,LONG,LAHF,ARAT,XSAVEOPT,MELTDOWN
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line
16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 999MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel Xeon E312xx (Sandy Bridge), 3400.08 MHz, 06-2a-01
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,VMX,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,HV,NXE,RDTSCP,LONG,LAHF,ARAT,XSAVEOPT,MELTDOWN
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line
16-way L2 cache
cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: smt 0, core 0, package 1
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel Xeon E312xx (Sandy Bridge), 3400.07 MHz, 06-2a-01
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,VMX,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,HV,NXE,RDTSCP,LONG,LAHF,ARAT,XSAVEOPT,MELTDOWN
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line
16-way L2 cache
cpu2: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu2: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu2: smt 0, core 0, package 2
ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
acpihpet0 at acpi0: 100000000 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0
acpicmos0 at acpi0
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpicpu2 at acpi0: C1(@1 halt!)
cpu0: using IvyBridge MDS workaround
pvbus0 at mainbus0: KVM
pvclock0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
atapiscsi0 at pciide0 channel 0 drive 1
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.5+> removable
cd0(pciide0:0:1): using PIO mode 4, DMA mode 2
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9
iic0 at piixpm0
vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio0: address 52:54:00:ac:f4:22
virtio0: msix shared
virtio1 at pci0 dev 4 function 0 "Qumranet Virtio SCSI" rev 0x00
vioscsi0 at virtio1: qsize 128
scsibus2 at vioscsi0: 255 targets
virtio1: msix per-VQ
virtio2 at pci0 dev 5 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio2
scsibus3 at vioblk0: 1 targets
sd0 at scsibus3 targ 0 lun 0: <VirtIO, Block Device, >
sd0: 122880MB, 512 bytes/sector, 251658240 sectors
virtio2: msix shared
virtio3 at pci0 dev 6 function 0 "Qumranet Virtio RNG" rev 0x00
viornd0 at virtio3
virtio3: apic 0 int 10
virtio4 at pci0 dev 7 function 0 "Qumranet Virtio Memory Balloon" rev 0x00
viomb0 at virtio4
virtio4: apic 0 int 11
virtio5 at pci0 dev 8 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk1 at virtio5
scsibus4 at vioblk1: 1 targets
sd1 at scsibus4 targ 0 lun 0: <VirtIO, Block Device, >
sd1: 307200MB, 512 bytes/sector, 629145600 sectors
virtio5: msix shared
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00
addr 1
vmm0 at mainbus0: VMX/EPT (using slow L1TF mitigation)
vscsi0 at root
scsibus5 at vscsi0: 256 targets
softraid0 at root
scsibus6 at softraid0: 256 targets
sd2 at scsibus6 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
sd2: 122879MB, 512 bytes/sector, 251657633 sectors
root on sd2a (01256e922cb5b7b2.a) swap on sd2b dump on sd2b
fd0 at fdc0 drive 1: density unknown
usbdevs:
Controller /dev/usb0:
addr 01: 8086:0000 Intel, UHCI root hub
full speed, self powered, config 1, rev 1.00
driver: uhub0
