Support sshd password authentication on Rocky 8

[jovial]

Adds a sshd_config.d directory so that we can use the same templated config file as Rocky 9.

[jovial]

Try using Include

[jovial]

Try using Include

Seems to work. I found that the variables defined in sshd_config override the drop in ones. I'm guessing it is using the first value it encounters (and Include was at the bottom of the file). We could put the Include at the top which is similar to Rocky 9:

#       $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/
sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# To modify the system-wide sshd configuration, create a  *.conf  file under
#  /etc/ssh/sshd_config.d/  which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf

[jovial]

This is what we end up with:

[root@cclr-dev-login-0 ~]# cat /etc/ssh/sshd_config
#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.
# BEGIN ANSIBLE MANAGED BLOCK
# To modify the system-wide sshd configuration, create a  *.conf  file under
#  /etc/ssh/sshd_config.d/  which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf
# END ANSIBLE MANAGED BLOCK

Which isn't ideal, but we don't have append_newline and prepend_newline in our version of ansible.

[jovial]

We could also do this at build time to make it simpler to apply runtime config. Thoughts?

[sjpb]

I'm guessing it is using the first value it encounters

From the man page:

For each keyword, the first obtained value will be used.
so, yes

[sjpb]

We could also do this at build time to make it simpler to apply runtime config. Thoughts?

I don't think we actually need to TBH. In the interest of progress/not getting blocked by image builds lets carry on - if Bertie decides that would be easier for compute-init support he could do that as part of that.

[sjpb]

LGTM