-
-
Notifications
You must be signed in to change notification settings - Fork 195
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dealing with /etc/ssh/sshd_config.d/*.conf
files
#117
Comments
I found a workaround, but it's not pretty. My approach was to override I executed I also had to add a I also don't get, why i had do prefix a lower number to the config file instead of a higher one. Maybe sb can shed some light on that, because i thought it would read lexicographically. In general I think to move all custom configuration into This is how I am running right now: https://github.com/Oberfeldwedler/ansible-role-security/tree/move_config_to_sshd_config.d |
Yeah, we can both agree on this, also being able to configure the priority level of this file would be a nice touch. Thanks for your effort delving into it :) |
When I figured out why SSH was asking me for my password a lot, and when I intentionally left off my SSH key to find it would still let me in, this struck me as a huge vulnerability. Having used this role to configure multiple servers and thinking I had hardened SSH only to find out that someone with merely the password and connection details could login, I immediately corrected it with this change: b3866d5 I am trying to start a PR but unfortunately my fork is way beyond Jeff's repo with personal changes, and I wasn't set up to rebase on top of his quickly. https://askubuntu.com/questions/1488130/what-is-the-use-of-setting-up-openssh-on-ubuntu-live-server-22-04/1488143#1488143 |
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! Please read this blog post to see the reasons why I mark issues as stale. |
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. |
Hi !
I have some machines that
cloud-init
places a/etc/ssh/sshd_config.d/50-cloud-init.conf
file withPasswordAuthentication yes
, overriding what I have set via this role (PasswordAuthentication no
).Taking into consideration that in this particular case I must not instruct
cloud-init
to do otherwise, is there a recommended way of preventing this situation, or should I make an additionalansible
task to remove theInclude /etc/ssh/sshd_config.d/*.conf
from/etc/ssh/sshd_config
?The text was updated successfully, but these errors were encountered: