SO appends the following to /etc/ssh/sshd_config
# Security Onion Autossh
ClientAliveInterval 30
ClientAliveCountMax 3
These are added even when those directives are already defined in the file, which is not that big of a deal, but the big issue to me today was that my client uses a Match section in /etc/ssh/sshd_config, and Match sections have to be at the bottom of the file, not followed by global config lines like what SO appends. That breaks ssh and prevents the service from starting.
I propose having SO only add sshd_config lines it has confirmed are not already present in sshd_config and then insert them at the top of the file instead of appending them. That would be safer since local customization of /etc/ssh/sshd_config in various client environments is probably reasonable to expect at times.
Thanks!
Kevin