From aab912dccfb17c88bb6185a957d1ad69fb648364 Mon Sep 17 00:00:00 2001
From: Ilia Ross <ilia@ross.gdn>
Date: Tue, 14 Jan 2025 03:14:21 +0200
Subject: [PATCH] Fix setting `Protocol` directive in contemporary SSH

---
 sshd/edit_net.cgi | 24 ++++++++++++++++--------
 sshd/save_net.cgi |  6 +++++-
 2 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/sshd/edit_net.cgi b/sshd/edit_net.cgi
index e6f1e1cf7..50b6910a2 100755
--- a/sshd/edit_net.cgi
+++ b/sshd/edit_net.cgi
@@ -58,15 +58,23 @@ print &ui_table_row($text{'net_port'},
 
 if ($version{'type'} eq 'openssh' && $version{'number'} >= 2) {
 	# Protocols
-	$prots = &find_value("Protocol", $conf);
-	@prots = $prots ? split(/,/, $prots) :
-		 $version{'number'} >= 2.9 ? (1, 2) : (2);
-	$cbs = "";
-	foreach $p (1, 2) {
-		$cbs .= &ui_checkbox("prots", $p, $text{"net_prots_$p"},
-				     &indexof($p, @prots) >= 0)." ";
+	my @prots_avail = (1, 2);
+	if ($version{'number'} < 2 || $version{'number'} >= 7.6) {
+		# Since SSH-1 is removed in 7.6, displaying the protocol is
+		# unnecessary because only SSH-2 protocol is available.
+		# Protocol directive is ignored even if set
+		@prots_avail = ();
+		}
+	if (@prots_avail) {
+		my $prots = &find_value("Protocol", $conf);
+		my @prots = $prots ? split(/,/, $prots) : @prots_avail;
+		my $cbs = "";
+		foreach $p (1, 2) {
+			$cbs .= &ui_checkbox("prots", $p, $text{"net_prots_$p"},
+					     &indexof($p, @prots) >= 0)." ";
+			}
+		print &ui_table_row($text{'net_prots'}, $cbs);
 		}
-	print &ui_table_row($text{'net_prots'}, $cbs);
 	}
 
 if ($version{'type'} eq 'ssh' &&
diff --git a/sshd/save_net.cgi b/sshd/save_net.cgi
index b766223a9..5cccd8372 100755
--- a/sshd/save_net.cgi
+++ b/sshd/save_net.cgi
@@ -66,11 +66,15 @@ else {
 	&save_directive("Port", $conf, \@ports, "ListenAddress");
 	}
 
-if ($version{'type'} eq 'openssh' && $version{'number'} >= 2) {
+if ($version{'type'} eq 'openssh' &&
+    $version{'number'} >= 2 && $version{'number'} < 7.6) {
 	@prots = split(/\0/, $in{'prots'});
 	@prots || &error($text{'net_eprots'});
 	&save_directive("Protocol", $conf, join(",", @prots));
 	}
+elsif ($version{'number'} >= 7.6) {
+	&save_directive("Protocol", $conf);
+	}
 
 if ($version{'type'} eq 'ssh' &&
     ($version{'number'} < 2 || $version{'number'} >= 3)) {