ncm-ssh: /software/components/ssh/daemon/comment_options/GSSAPIKexAlgorithms = "" ends up adding a new line on each ncm-ssh run

[ulrich1919]

if I specify: /software/components/ssh/daemon/comment_options/GSSAPIKexAlgorithms = "" (empty value) then ncm-ssh adds "#GSSAPIKexAlgorithms" line to sshd_config on each run, and restarts sshd. I believe this behaviour is not normal. Please check and fix. Thanks

• The version of the component you are using (rpm -q $component) ncm-ssh-23.6.0-1.noarch
• What OS version you are using (/etc/redhat-release or similar) Red Hat Enterprise Linux Server release 7.9 (Maipo)
• Steps required to reproduce the problem: see above
• Actual result versus expected result. Expected result: It should comment out any GSSAPIKexAlgorithms options with any values from sshd_config and restart sshd. It should not add #GSSAPIKexAlgorithms lines on each run. Of course this affects any sshd option, not particularly just GSSAPIKexAlgorithms. It probably affects other ncm components as well(CAF::FileEditor::add_or_replace_lines)

[jrha]

Apologies for the delay, I tried to reproduce this today, but GSSAPIKexAlgorithms isn't a valid option in the schema, are you using a local fork?

I can however replicate the same behaviour with:

"/software/components/ssh/daemon/comment_options/Protocol" = "";

It appears to happen when an option is present in both options and comment_options and the comment version has no associated value.

[ulrich1919]

Yes, we added GSSAPIKexAlgorithms to our schema. Forgot to raise a PR here. Will do now. I think GSSAPIKexalgorithms was only present in comment_options with an empty value. It was not added to options. Can you reproduce the behaviour If an option is only present in comment_options(and not present in options)?

[ulrich1919]

raised https://github.com/quattor/configuration-modules-core/pull/1714

[jrha]

I think the underlying issue is still present, but the schema changes make it harder to trigger.