On Sat, 5 Jun 2021, Daniel Jakots wrote: > Hi, > > I updated some machines of mine to a newer snapshot and got some > problems with sshd. > > Old snapshot is from 2021-05-19. > New snapshot is from 2021-06-05 (today). > > I use the default config (only change is LogLevel VERBOSE) and at the > end I put some custom config which I give here: > > 90 # Custom config > 91 PermitRootLogin without-password > 92 > 93 # 2FA (yubikey or totp) > 94 PasswordAuthentication yes > 95 AuthenticationMethods publickey,password > 96 #AuthenticationMethods publickey > 97 > 98 AllowUsers www > 99 > 100 > 101 # 1FA for those users > 102 Match User zzz > 103 AuthenticationMethods publickey > 104 Match Address 192.168.111.34/32 > 105 AllowUsers xxx > 106 AuthenticationMethods publickey > 107 > 108 # For 2FA but also to allow root from legit IP > 109 Match Address 192.0.2.221 > 110 AuthenticationMethods publickey > 111 AllowUsers root www xxx yyy > 112 > > > sshd doesn't start. With debug mode: > $ /usr/sbin/sshd -d > /etc/ssh/sshd_config line 103: keyword AuthenticationMethods extra arguments > at end of line > /etc/ssh/sshd_config line 106: keyword AuthenticationMethods extra arguments > at end of line > /etc/ssh/sshd_config line 110: keyword AuthenticationMethods extra arguments > at end of line > /etc/ssh/sshd_config: terminating, 3 bad configuration options
Thanks for the report - a patch in snaps broke AuthenticationMethods in Match blocks. It will be fixed shortly. -d
