Match Group' in configuration but 'user' not in connection test specification

[kravietz]

Describe the bug
The openssh.conf.j2 validity test fails in OpenSSH 7.7p1 (as distributed with Ubuntu 18.10) because sshd requires that specific user name is passed in the test context. I realize 18.10 is not supported officially but still worth keeping it for future reference.

Expected behavior
Just add any user to the test using -C option:
sshd -T -C user=someuser

Actual behavior
The test will always fail with the current test of /usr/sbin/sshd -T -f %s.

TASK [dev-sec.ssh-hardening : create sshd_config and set permissions to root/600] ***************************************************************************************************************************
fatal: [prol]: FAILED! => {"changed": false, "checksum": "d4665d47b3e4682db5a9a0a6f2978eabe296ea8c", "exit_status": 255, "msg": "failed to validate", "stderr": "'Match Group' in configuration but 'user' not in connection test specification.\r\n", "stderr_lines": ["'Match Group' in configuration but 'user' not in connection test specification."], "stdout": "", "stdout_lines": []}

Example Playbook

- hosts: prol
  roles:
  - dev-sec.ssh-hardening

OS / Environment

Ansible Version

Role Version

Additional context
Add any other context about the problem here.

[rndmh3ro]

You're right, I just tested this.
To make it work on all OS's I apparently have to use this:

sshd -T -C user=root -C host=localhost -C addr=localhost

[westurner]

#202 (comment)

This patch is also required for ssh 7.9p1. Does this work with older versions as well?

This would be great to have working.

[westurner]

Thanks!

…

On Sunday, April 14, 2019, Sebastian Gumprich ***@***.***> wrote: Closed #188 <#188> via #202 <#202>. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#188 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AADGyzUxvOBaSIjbwcXKzgyHlyJ2UsvOks5vgzKWgaJpZM4X_M8p> .