633 B
633 B
---id: RHEL-07-040261 status: implemented tag: sshd ---
The STIG has a requirement that the sshd daemon is
running and enabled at boot time. The tasks in the security role ensure
that these requirements are met.
Some deployers may not have sshd enabled on highly
specialized systems and those deployers should opt out of this change by
setting the following Ansible variable:
security_enable_sshd: noNote
Setting security_enable_sshd to no causes
the tasks to ignore the state of the service entirely. A setting of
no does not stop or alter the sshd
service.