Reviewed: https://review.openstack.org/316868 Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=b1db632ce6ac13ae3b17dee7eaa31d33ddf19442 Submitter: Jenkins Branch: stable/mitaka commit b1db632ce6ac13ae3b17dee7eaa31d33ddf19442 Author: Major Hayden <major at mhtx.net> Date: Mon May 9 16:07:39 2016 -0500 Handle Match properly in sshd_config The security role was not properly handling ssh configuration files that have Match stanzas. This patch ensures that all added configurations appear before the Match stanzas in the /etc/ssh/sshd_config file. Closes-bug: 1579914 Change-Id: Ic7575490cda2bdba880e860e2e400029a84d7d45 (cherry picked from commit 54de1b5734b6561b4f01efed91bb612ff26e8d40) ** Tags added: in-stable-mitaka -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1579914 Title: Security role doesn't handle sshd_config with Match Status in openstack-ansible: Fix Released Bug description: The security role makes several changes to the sshd_config file, but it doesn't handle situations where the configuration file might end with Match stanzas. There cannot be any general configuration options after any Match stanzas in the configuration file. The role should: * Handle Match stanzas properly * Validate the sshd_config with each change To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1579914/+subscriptions