UOS-RZ / secure_sshd

Ansible role to harden the sshd configuration
BSD 3-Clause "New" or "Revised" License

Refactor to one config file include #17

Closed tibroc closed 1 week ago

tibroc commented 1 week ago
That would be one option. The ideas I had were:

- Just ignore that and assume that we know better anyway. So we just work with the main file and configure what we think is best, hoping that there is nothing we need in the redhat file.
- Add a task which runs through all files in `sshd_config.d` to remove all configuration options we set in the main config file
- Deploy all our configuration in an included file with higher priority, e.g. `/sshd_config.d/99-uos-cert.conf` which should overwrite the other includes
  - either have the settings only in `/sshd_config.d/99-uos-cert.conf` and ensure that there is an include
  - or have the settings in `/sshd_config.d/99-uos-cert.conf` and the main `sshd_config` so that the settings from the main file are active if there is no include

Not sure what's the best solution. Any preference or other idea?

_Originally posted by @lkiesow in https://github.com/UOS-RZ/secure_sshd/pull/10#discussion_r1666573733_

tibroc commented 1 week ago

We opted for the last option: settings in `/sshd_config.d/99-uos-cert.conf`
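
Added example (not part of the thread or of the role's code): sshd uses the first value it obtains for each keyword and expands `Include` globs in lexical order, so the options listed above differ in which file actually takes effect. The sketch below resolves that for single-valued keywords over a constructed file set; `50-redhat.conf` and all file contents are stand-ins, and `Match` blocks and `=` separators are not handled.

```python
import glob
import os
import tempfile


def effective(path, base, seen=None):
    """Return {keyword: (value, file)} applying sshd's first-value-wins rule."""
    seen = {} if seen is None else seen
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split(None, 1)
            key = parts[0].lower()
            val = parts[1] if len(parts) > 1 else ""
            if key == "match":
                break  # simplification: ignore conditional blocks
            if key == "include":
                # Relative patterns are resolved against the config directory;
                # matches are read in lexical order, at the Include's position.
                for pattern in val.split():
                    for inc in sorted(glob.glob(os.path.join(base, pattern))):
                        effective(inc, base, seen)
            else:
                # Later occurrences of a keyword are ignored.
                seen.setdefault(key, (val, os.path.basename(path)))
    return seen


def demo():
    """Build a constructed /etc/ssh-like tree and resolve it."""
    base = tempfile.mkdtemp()
    os.mkdir(os.path.join(base, "sshd_config.d"))
    files = {  # constructed sample contents
        "sshd_config": "Include sshd_config.d/*.conf\n"
                       "PasswordAuthentication no\nX11Forwarding no\n",
        "sshd_config.d/50-redhat.conf": "X11Forwarding yes\n",
        "sshd_config.d/99-uos-cert.conf": "X11Forwarding no\nPermitRootLogin no\n",
    }
    for name, body in files.items():
        with open(os.path.join(base, name), "w") as fh:
            fh.write(body)
    return effective(os.path.join(base, "sshd_config"), base)


if __name__ == "__main__":
    for key, (val, src) in sorted(demo().items()):
        print(f"{key} {val}   <- {src}")
```

On a real host, `sshd -T` prints the configuration sshd actually resolves and is the authoritative check after the role has run.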