
SSHD config tasks not as complete as they could be #66

Open
PrymalInstynct opened this issue Nov 26, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@PrymalInstynct (Contributor)

Describe the Issue
The sshd related tasks rely on the rhel9stig_sshd_config_file variable which is set to /etc/ssh/sshd_config by default to apply all of the appropriate sshd settings. However, there is a file /etc/ssh/sshd_config.d/50-redhat.conf which is installed as a part of the openssh-server package that contains the GSSAPIAuthentication and X11Forwarding sshd settings.

The file /etc/ssh/sshd_config.d/50-redhat.conf is added as an Include to the overall sshd_config because of RHEL-09-255055, which means the two settings from that file are taken into account for the overall sshd system configuration. This means the two STIGs associated with those settings are technically left open when checked using the STIG check text.

Expected Behavior
I expect every instance of GSSAPIAuthentication and X11Forwarding to be set to the appropriate value.

Actual Behavior
The GSSAPIAuthentication and X11Forwarding settings are configured correctly in /etc/ssh/sshd_config but not in /etc/ssh/sshd_config.d/50-redhat.conf.

Control(s) Affected

  • RHEL-09-255055
  • RHEL-09-255135
  • RHEL-09-255155

Environment (please complete the following information):

  • branch being used: devel
  • Ansible Version: 2.17.5
  • Host Python Version: 3.9.18
  • Ansible Server Python Version: 3.12.7
  • Additional Details:

Additional Notes
None

Possible Solution

  • Option 1) Create a Prelim task that searches for all possible sshd configuration files on the system and uses that variable as a way to loop through all found files to apply the settings
  • Option 2) Assume the user has their sshd configs in the default directories and create secondary tasks for each sshd_config related task that applies the patch to /etc/ssh/sshd_config.d/50-redhat.conf
@PrymalInstynct PrymalInstynct added the bug Something isn't working label Nov 26, 2024
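The check behind Option 1, as an added example that is not code from the issue or from the role: it walks an sshd_config, follows Include globs the way sshd does (first value read wins), and lists every file that sets GSSAPIAuthentication or X11Forwarding to something other than the expected value. The file layout is constructed in a temporary directory to mirror the one the issue describes; the function names are this example's own.

```python
"""Find every sshd config file that sets a watched keyword, Includes included."""
import glob
import os
import tempfile

WATCHED = {"gssapiauthentication", "x11forwarding"}


def build_sample(root):
    """Constructed layout: main file Includes a drop-in that re-enables both settings."""
    os.makedirs(os.path.join(root, "sshd_config.d"))
    with open(os.path.join(root, "sshd_config.d", "50-redhat.conf"), "w") as fh:
        fh.write("GSSAPIAuthentication yes\nX11Forwarding yes\n")
    main = os.path.join(root, "sshd_config")
    with open(main, "w") as fh:  # absolute Include path so the glob resolves here
        fh.write(f"Include {root}/sshd_config.d/*.conf\n"
                 "GSSAPIAuthentication no\nX11Forwarding no\n")
    return main


def collect_settings(path, seen=None):
    """Return (file, keyword, value) tuples in the order sshd reads them."""
    seen = set() if seen is None else seen
    found = []
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.replace("=", " ", 1).split(None, 1)  # "Keyword value" or "Keyword=value"
            key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
            if key == "include":  # sshd expands each glob and reads matches in sorted order
                for pattern in value.split():
                    for inc in sorted(glob.glob(pattern)):
                        if inc not in seen:
                            seen.add(inc)
                            found.extend(collect_settings(inc, seen))
            elif key in WATCHED:
                found.append((path, key, value))
    return found


def effective(entries):
    """sshd keeps the first value it sees, so an early Include overrides later lines."""
    eff = {}
    for _, key, value in entries:
        eff.setdefault(key, value)
    return eff


def offending_files(entries, expected):
    """Files a remediation task must loop over: any that set a watched keyword wrongly."""
    return sorted({f for f, k, v in entries if v.lower() != expected.get(k, v).lower()})


def demo():
    entries = collect_settings(build_sample(tempfile.mkdtemp(prefix="sshd-demo-")))
    return entries, effective(entries), offending_files(
        entries, {"gssapiauthentication": "no", "x11forwarding": "no"})


if __name__ == "__main__":
    entries, eff, bad = demo()
    for f, k, v in entries:
        print(f"{f}: {k} {v}")
    print("effective:", eff)
    print("files needing remediation:", bad)
```

On a real host, `sshd -T` prints the same effective values and is the quickest way to confirm the drop-in is what the STIG check text would see.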