Reviewed: https://review.openstack.org/316869 Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=d90908f0cc10301503bcae1a92ca69474746f517 Submitter: Jenkins Branch: liberty commit d90908f0cc10301503bcae1a92ca69474746f517 Author: Major Hayden <major at mhtx.net> Date: Mon May 9 16:07:39 2016 -0500 Handle Match properly in sshd_config The security role was not properly handling ssh configuration files that have Match stanzas. This patch ensures that all added configurations appear before the Match stanzas in the /etc/ssh/sshd_config file. Closes-bug: 1579914 Change-Id: Ic7575490cda2bdba880e860e2e400029a84d7d45 (cherry picked from commit 54de1b5734b6561b4f01efed91bb612ff26e8d40) ** Tags added: in-liberty -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1579914 Title: Security role doesn't handle sshd_config with Match Status in openstack-ansible: Fix Released Bug description: The security role makes several changes to the sshd_config file, but it doesn't handle situations where the configuration file might end with Match stanzas. There cannot be any general configuration options after any Match stanzas in the configuration file. The role should: * Handle Match stanzas properly * Validate the sshd_config with each change To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1579914/+subscriptions