From 12ca98ceca7dd49196ea81fad8dea473bf8a85e6 Mon Sep 17 00:00:00 2001
From: 12ww1160 <12ww1160@confdroid.com>
Date: Tue, 14 Apr 2026 12:46:57 +0200
Subject: [PATCH 1/2] OP#577 update Readme

---
 README.md               | 6 ++++--
 manifests/main/files.pp | 7 -------
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 8361fe3..f88c2b6 100644
--- a/README.md
+++ b/README.md
@@ -25,11 +25,13 @@
 ## Features
 
 - install required binaries
-- manage local custom configuration based on parameters, overriding the defaults
 - manage selinux rules
 - manage service
 - (optional) manage firewall
-  
+
+> Note
+Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the `ssh_custom_ensure`setting set to `absent` (default).
+
 ## Support
 
 - Rocky 9 (Any RHEL 9 based OS should work but has not been tested)
diff --git a/manifests/main/files.pp b/manifests/main/files.pp
index 6543586..28de0e7 100644
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -35,12 +35,5 @@ class confdroid_ssh::main::files (
       content  => template($sshd_custom_erb),
       notify   => Service[$sshd_service],
     }
-    # we want the default root login setting to be managed by the custom conf, 
-    # so we remove the default file if it exists
-    file { $sshd_root_login_file:
-      ensure => absent,
-      path   => $sshd_root_login_file,
-      notify => Service[$sshd_service],
-    }
   }
 }

From 72810343ece6fd05b10e365fae99733705b27539 Mon Sep 17 00:00:00 2001
From: Jenkins Server <jenkins@confdroid.com>
Date: Tue, 14 Apr 2026 12:48:14 +0200
Subject: [PATCH 2/2] Recommit for updates in build 31

---
 doc/file.README.html                             |  6 ++++--
 doc/index.html                                   |  6 ++++--
 .../confdroid_ssh_3A_3Amain_3A_3Afiles.html      | 16 +---------------
 3 files changed, 9 insertions(+), 19 deletions(-)

diff --git a/doc/file.README.html b/doc/file.README.html
index 92c2f45..d50ddf8 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -97,8 +97,6 @@
 <ul><li>
 <p>install required binaries</p>
 </li><li>
-<p>manage local custom configuration based on parameters, overriding the defaults</p>
-</li><li>
 <p>manage selinux rules</p>
 </li><li>
 <p>manage service</p>
@@ -106,6 +104,10 @@
 <p>(optional) manage firewall</p>
 </li></ul>
 
+<blockquote>
+<p>Note Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the <code>ssh_custom_ensure</code>setting set to <code>absent</code> (default).</p>
+</blockquote>
+
 <h2 id="label-Support">Support</h2>
 <ul><li>
 <p>Rocky 9 (Any RHEL 9 based OS should work but has not been tested)</p>
diff --git a/doc/index.html b/doc/index.html
index f4a1c4f..b5751d3 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -97,8 +97,6 @@
 <ul><li>
 <p>install required binaries</p>
 </li><li>
-<p>manage local custom configuration based on parameters, overriding the defaults</p>
-</li><li>
 <p>manage selinux rules</p>
 </li><li>
 <p>manage service</p>
@@ -106,6 +104,10 @@
 <p>(optional) manage firewall</p>
 </li></ul>
 
+<blockquote>
+<p>Note Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the <code>ssh_custom_ensure</code>setting set to <code>absent</code> (default).</p>
+</blockquote>
+
 <h2 id="label-Support">Support</h2>
 <ul><li>
 <p>Rocky 9 (Any RHEL 9 based OS should work but has not been tested)</p>
diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
index 008c095..6ffa772 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Afiles.html
@@ -134,14 +134,7 @@
 36
 37
 38
-39
-40
-41
-42
-43
-44
-45
-46</pre>
+39</pre>
       </td>
       <td>
         <pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
@@ -178,13 +171,6 @@ class confdroid_ssh::main::files (
       content  =&gt; template($sshd_custom_erb),
       notify   =&gt; Service[$sshd_service],
     }
-    # we want the default root login setting to be managed by the custom conf, 
-    # so we remove the default file if it exists
-    file { $sshd_root_login_file:
-      ensure =&gt; absent,
-      path   =&gt; $sshd_root_login_file,
-      notify =&gt; Service[$sshd_service],
-    }
   }
 }</pre>
       </td>