OCPBUGS-18331: Include sshd config directories in remediation template
The generic sshd configuration file we were using to generate
sshd remediations for OpenShift didn't include the sshd_config.d/
directory. This can be a problem for some clusters and configurations
that spread their sshd configuration across those directories, instead
of assuming all configuration will be in a single sshd configuration
file.

This could lead to cases where applying remediations for sshd hardening
breaks ssh in unexpected ways (e.g., like not being able to ssh into the
clusters because the ssh keys are no longer accessible if they're under
sshd_config.d).
rhmdnd committed Feb 6, 2024
1 parent 5f62e80 commit 48f40b8
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions shared/macros/10-kubernetes.jinja
Expand Up @@ -6,6 +6,8 @@

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

Include /etc/ssh/sshd_config.d/*.conf

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
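
Review bot: The new `Include /etc/ssh/sshd_config.d/*.conf` line sits above every option this template sets, and sshd uses the first value it obtains for each keyword, so any keyword defined in a drop-in file now takes precedence over the hardened value the remediation writes further down. That is what keeps existing key and access settings working, but it also means a drop-in can silently weaken a remediated option while the main file still looks compliant. Please add a comment above the Include stating that the ordering is deliberate and that drop-ins override the values below, and consider noting in the remediation docs that the effective configuration should be checked with `sshd -T` rather than by reading the main file alone.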