core(ssg): add product-overridable SSH client path properties

Smouhoune · Smouhoune · commit e27c74dde0d0 · 2026-03-09T13:39:57.000+01:00
diff --git a/ssg/constants.py b/ssg/constants.py
@@ -463,6 +463,8 @@
 DEFAULT_SSHD_CONFIG_DIR = '/etc/ssh/sshd_config.d'
 DEFAULT_SSHD_HARDENING_CONFIG_BASENAME = '00-complianceascode-hardening.conf'
 DEFAULT_SSHD_SYSCONFIG_FILE = '/etc/sysconfig/sshd'
+DEFAULT_SSH_CLIENT_MAIN_CONFIG_FILE = '/etc/ssh/ssh_config'
+DEFAULT_SSH_CLIENT_CONFIG_DIR = '/etc/ssh/ssh_config.d'
 DEFAULT_PRODUCT = 'example'
 DEFAULT_CHRONY_CONF_PATH = '/etc/chrony.conf'
 DEFAULT_CHRONY_D_PATH = '/etc/chrony.d/'
diff --git a/ssg/products.py b/ssg/products.py
@@ -21,6 +21,8 @@
                         DEFAULT_SSHD_CONFIG_DIR,
                         DEFAULT_SSHD_HARDENING_CONFIG_BASENAME,
                         DEFAULT_SSHD_SYSCONFIG_FILE,
+                        DEFAULT_SSH_CLIENT_MAIN_CONFIG_FILE,
+                        DEFAULT_SSH_CLIENT_CONFIG_DIR,
                         DEFAULT_CHRONY_CONF_PATH,
                         DEFAULT_CHRONY_D_PATH,
                         DEFAULT_AUDISP_CONF_PATH,
@@ -130,6 +132,12 @@ def _get_implied_properties(existing_properties):
     if "sshd_sysconfig_file" not in existing_properties:
         result["sshd_sysconfig_file"] = DEFAULT_SSHD_SYSCONFIG_FILE
 
+    if "ssh_client_main_config_file" not in existing_properties:
+        result["ssh_client_main_config_file"] = DEFAULT_SSH_CLIENT_MAIN_CONFIG_FILE
+
+    if "ssh_client_config_dir" not in existing_properties:
+        result["ssh_client_config_dir"] = DEFAULT_SSH_CLIENT_CONFIG_DIR
+
     if "product" not in existing_properties:
         result["product"] = DEFAULT_PRODUCT
 
