Rudder

Since the OpenSSH technique lacks lots of options to configure, I tried to add something at the end with the "enforce a file content" technique. To be clear, the sshd_config file should first be edited by the OpenSSH technique to have a base install/config and then I want to add something to the end. This doesn't work.

- In the OpenSSH technique I configured PasswordAuthentication to be no
- in the enforce file content I added this:

Match User foobar
PasswordAuthentication yes

After one run of cf-agent the file ends like this:

PasswordAuthentication no
Match User spaceobserver
PasswordAuthentication no
Port 22

If i now run cf-agent multiple times, the file ends like this:

PasswordAuthentication no
Match User spaceobserver
PasswordAuthentication no
PasswordAuthentication no
PasswordAuthentication no
PasswordAuthentication no
Port 22

Note: I saw this behaviour before: the OpenSSH technique adds options multiple times, which most times is harmless, but ugly.