Breaking problem with SO automatic additions to /etc/ssh/sshd_config


Kevin Branch

Dec 12, 2018, 10:31:31 AM
to securit...@googlegroups.com
SO appends the following to /etc/ssh/sshd_config

# Security Onion Autossh
ClientAliveInterval 30
ClientAliveCountMax 3

These are added even when those directives are already defined in the file, which is not that big of a deal, but the big issue to me today was that my client uses a Match section in /etc/ssh/sshd_config, and Match sections have to be at the bottom of the file, not followed by global config lines like what SO appends.  That breaks ssh and prevents the service from starting.

I propose having SO only add sshd_config lines it has confirmed are not already present in sshd_config and then insert them at the top of the file instead of appending them.  That would be safer since local customization of /etc/ssh/sshd_config in various client environments is probably reasonable to expect at times.

Thanks!
Kevin
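
The approach proposed above (add only directives that are not already set, and put them at the top of the file rather than after a Match block), sketched as an added example. It is not part of the thread or of Security Onion's package; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Security Onion's code. Function names are hypothetical.

# Succeeds if keyword $2 is set in the global section of file $1, i.e. on an
# uncommented line before the first Match block. Keywords are case-insensitive.
has_global_directive() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw); found = 0 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)        # drop indentation
            split(line, f, /[ \t=]+/)       # "Keyword value" or "Keyword=value"
            word = tolower(f[1])
        }
        word == "match" { exit }            # global section ends here
        word == kw      { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Insert "Keyword value" as the first line of $1 unless the keyword is already
# set globally. Prepending keeps the line out of any trailing Match block.
ensure_sshd_directive() {
    file=$1; keyword=$2; value=$3
    has_global_directive "$file" "$keyword" && return 0
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Build the new file aside, then rewrite in place to keep owner and mode.
    { printf '%s %s\n' "$keyword" "$value"; cat "$file"; } > "$tmp" && cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Constructed sample: one directive already set, plus a Match block at the end.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/sshd_config" <<'EOF'
Port 22
ClientAliveInterval 60
Match User backup
    ForceCommand /usr/local/bin/backup-shell
EOF
    ensure_sshd_directive "$dir/sshd_config" ClientAliveInterval 30   # already set: no change
    ensure_sshd_directive "$dir/sshd_config" ClientAliveCountMax 3    # missing: prepended
    cat "$dir/sshd_config"
    rm -rf "$dir"
}
demo
```

Running `sshd -t` after the edit checks the resulting configuration before the service is restarted.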

Wes

Dec 12, 2018, 4:18:03 PM
to security-onion
Hi Kevin,

I've opened an issue for this, here:

https://github.com/Security-Onion-Solutions/security-onion/issues/1396

Thanks,
Wes

Doug Burks

Dec 27, 2018, 11:11:33 AM
to securit...@googlegroups.com
Hi Kevin,

I've submitted a new package for testing:

If you are able to test it out in an environment simulating the original conditions you reported, please add your feedback to the testing thread.  Thanks!

--
Doug Burks
CEO
Security Onion Solutions, LLC