From 321c7147079270f3a154f91b59e66219aac3d514 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 17 Apr 2020 03:23:13 +0000
Subject: [PATCH] upstream: allow the IgnoreRhosts directive to appear anywhere
 in a

sshd_config, not just before any Match blocks; bz3148, ok dtucker@

OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8
---
 servconf.c    | 5 +++--
 sshd_config.5 | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/servconf.c b/servconf.c
index 748db5dec..ae45099ab 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.361 2020/03/06 18:29:54 markus Exp $ */
+/* $OpenBSD: servconf.c,v 1.362 2020/04/17 03:23:13 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -626,7 +626,7 @@ static struct {
 #else
 	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
 #endif
-	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
+	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_ALL },
 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
 	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
 	{ "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL },
@@ -2473,6 +2473,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 	M_CP_INTOPT(kbd_interactive_authentication);
 	M_CP_INTOPT(permit_root_login);
 	M_CP_INTOPT(permit_empty_passwd);
+	M_CP_INTOPT(ignore_rhosts);
 
 	M_CP_INTOPT(allow_tcp_forwarding);
 	M_CP_INTOPT(allow_streamlocal_forwarding);
diff --git a/sshd_config.5 b/sshd_config.5
index 70ccea449..a60be383d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.307 2020/02/07 03:54:44 dtucker Exp $
-.Dd $Mdocdate: February 7 2020 $
+.\" $OpenBSD: sshd_config.5,v 1.308 2020/04/17 03:23:13 djm Exp $
+.Dd $Mdocdate: April 17 2020 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1162,6 +1162,7 @@ Available keywords are
 .Cm HostbasedAcceptedKeyTypes ,
 .Cm HostbasedAuthentication ,
 .Cm HostbasedUsesNameFromPacketOnly ,
+.Cm IgnoreRhosts ,
 .Cm Include ,
 .Cm IPQoS ,
 .Cm KbdInteractiveAuthentication ,