From ea4b833fa6df7cf5f099ced85f6cef5221003e97 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutras.com>
Date: Sun, 13 Aug 2023 00:01:58 +0300
Subject: [PATCH] sshd: rebase sshd_config to openssh 9.4p1-2

---
 roles/sshd/templates/sshd_config.j2 | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/roles/sshd/templates/sshd_config.j2 b/roles/sshd/templates/sshd_config.j2
index 404bbf0e4..f06e3542f 100644
--- a/roles/sshd/templates/sshd_config.j2
+++ b/roles/sshd/templates/sshd_config.j2
@@ -1,4 +1,5 @@
-#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+# Include drop-in configurations
+Include /etc/ssh/sshd_config.d/*.conf
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -58,7 +59,7 @@ PasswordAuthentication no
 #PermitEmptyPasswords no
 
 # Change to no to disable s/key passwords
-KbdInteractiveAuthentication no
+#KbdInteractiveAuthentication yes
 
 # Kerberos options
 #KerberosAuthentication no
@@ -79,7 +80,7 @@ KbdInteractiveAuthentication no
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and KbdInteractiveAuthentication to 'no'.
-UsePAM yes
+#UsePAM no
 
 {% if 'buildservers' in group_names %}
 #AllowAgentForwarding yes
@@ -93,7 +94,7 @@ AllowTcpForwarding no
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
-PrintMotd no
+#PrintMotd yes
 #PrintLastLog yes
 #TCPKeepAlive yes
 #PermitUserEnvironment no
-- 
GitLab