Fix sshd config validation issue

Recent versions of openSSH require username and host in context for validation tests. Resolves: #1 See also: dev-sec/ansible-ssh-hardening#188
hurricanehrndz · Oct 14, 2020 · 074db84 · 074db84
1 parent 677a5e6
commit 074db84
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/tasks/configure-sshd.yml b/tasks/configure-sshd.yml
@@ -67,7 +67,7 @@
     regexp: '^(#.?C|.?C)hallengeResponseAuthentication.*'
     line: 'ChallengeResponseAuthentication yes'
     backup: yes
-    validate: /usr/sbin/sshd -T -C user=root -f %s
+    validate: /usr/sbin/sshd -T -C user=root -C host=localhost -C addr=localhost -f %s
 
 - name: Update sshd_config - Disable Password Authentication
   lineinfile:
@@ -76,13 +76,13 @@
     regexp: '^#PasswordAuthentication.*'
     line: 'PasswordAuthentication no'
     backup: yes
-    validate: /usr/sbin/sshd -T -C user=root -f %s
+    validate: /usr/sbin/sshd -T -C user=root -C host=localhost -C addr=localhost -f %s
 
 - name: Update sshd_config - Force yubikey users to use yubikey
   blockinfile:
     path: /etc/ssh/sshd_config
     state: present
     block: "{{ yubikey_sshd_config_addition }}"
     insertafter: EOF
-    validate: /usr/sbin/sshd -T -C user=root -f %s
+    validate: /usr/sbin/sshd -T -C user=root -C host=localhost -C addr=localhost -f %s
   notify: restart-sshd