ssh_client: update product stability data and fix bash template newline

Smouhoune · Smouhoune · commit 76bf986f41bd · 2026-03-09T13:39:57.000+01:00
Update product stability references for ssh client path properties and fix Jinja whitespace trimming in the Ubuntu bash remediation template.\n\nThe template change preserves the newline between variable assignments in the generated shell script and avoids shellcheck failures.
diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/bash/shared.sh
@@ -1,7 +1,7 @@
 # platform = multi_platform_ubuntu
 
 ssh_approved_ciphers="aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr"
-{{%- set sshc_cipher_list_config = ssh_client_config_dir ~ "/00-cipher-list.conf" -%}}
+{{% set sshc_cipher_list_config = ssh_client_config_dir ~ "/00-cipher-list.conf" %}}
 
 main_config="{{{ ssh_client_main_config_file }}}"
 include_directory="{{{ ssh_client_config_dir }}}"
diff --git a/tests/data/product_stability/alinux2.yml b/tests/data/product_stability/alinux2.yml
@@ -39,6 +39,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/alinux3.yml b/tests/data/product_stability/alinux3.yml
@@ -39,6 +39,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/anolis23.yml b/tests/data/product_stability/anolis23.yml
@@ -38,6 +38,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/anolis8.yml b/tests/data/product_stability/anolis8.yml
@@ -38,6 +38,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/debian11.yml b/tests/data/product_stability/debian11.yml
@@ -43,6 +43,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 11
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get
 pkg_system: dpkg
diff --git a/tests/data/product_stability/debian12.yml b/tests/data/product_stability/debian12.yml
@@ -43,6 +43,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 12
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://www.debian.org/security/oval/oval-definitions-bookworm.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get
diff --git a/tests/data/product_stability/debian13.yml b/tests/data/product_stability/debian13.yml
@@ -44,6 +44,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 13
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://www.debian.org/security/oval/oval-definitions-trixie.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get
diff --git a/tests/data/product_stability/eks.yml b/tests/data/product_stability/eks.yml
@@ -47,6 +47,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_system: rpm
 platform_package_overrides:
diff --git a/tests/data/product_stability/example.yml b/tests/data/product_stability/example.yml
@@ -40,6 +40,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/fedora.yml b/tests/data/product_stability/fedora.yml
@@ -75,6 +75,8 @@ latest_version: 38
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/firefox.yml b/tests/data/product_stability/firefox.yml
@@ -38,6 +38,8 @@ grub_helper_executable: grubby
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 platform_package_overrides:
   aarch64_arch: null
diff --git a/tests/data/product_stability/ocp4.yml b/tests/data/product_stability/ocp4.yml
@@ -147,6 +147,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_system: rpm
 platform_package_overrides:
diff --git a/tests/data/product_stability/ol7.yml b/tests/data/product_stability/ol7.yml
@@ -44,6 +44,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 7
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://linux.oracle.com/security/oval/com.oracle.elsa-ol7.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
diff --git a/tests/data/product_stability/ol8.yml b/tests/data/product_stability/ol8.yml
@@ -34,6 +34,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 8
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://linux.oracle.com/security/oval/com.oracle.elsa-ol8.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
diff --git a/tests/data/product_stability/ol9.yml b/tests/data/product_stability/ol9.yml
@@ -37,6 +37,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 9
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://linux.oracle.com/security/oval/com.oracle.elsa-ol9.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
diff --git a/tests/data/product_stability/openembedded.yml b/tests/data/product_stability/openembedded.yml
@@ -51,6 +51,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/opensuse.yml b/tests/data/product_stability/opensuse.yml
@@ -47,6 +47,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: zypper
 pkg_manager_config_file: /etc/zypp/zypper.conf
diff --git a/tests/data/product_stability/rhcos4.yml b/tests/data/product_stability/rhcos4.yml
@@ -41,6 +41,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/rhel10.yml b/tests/data/product_stability/rhel10.yml
@@ -47,6 +47,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 10
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/rhel8.yml b/tests/data/product_stability/rhel8.yml
@@ -97,6 +97,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 8
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/rhel9.yml b/tests/data/product_stability/rhel9.yml
@@ -53,6 +53,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 9
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/rhv4.yml b/tests/data/product_stability/rhv4.yml
@@ -46,6 +46,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/sle12.yml b/tests/data/product_stability/sle12.yml
@@ -46,6 +46,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 12
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.12-patch.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: zypper
diff --git a/tests/data/product_stability/sle15.yml b/tests/data/product_stability/sle15.yml
@@ -47,6 +47,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 15
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.15-patch.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: zypper
diff --git a/tests/data/product_stability/ubuntu2204.yml b/tests/data/product_stability/ubuntu2204.yml
@@ -47,6 +47,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 2204
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://security-metadata.canonical.com/oval/com.ubuntu.jammy.usn.oval.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get
diff --git a/tests/data/product_stability/ubuntu2404.yml b/tests/data/product_stability/ubuntu2404.yml
@@ -45,6 +45,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 2404
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get
