From 157832e4726324bc1903b7bc0c6eab6ed89c0215 Mon Sep 17 00:00:00 2001
From: Jonathan Wright
Date: Thu, 31 Jul 2025 09:50:38 -0500
Subject: [PATCH] Fix broken SSH host key config in rhel/almalinux 10
Signed-off-by: Jonathan Wright
---
roles/ssh_hardening/vars/RedHat_10.yml | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 roles/ssh_hardening/vars/RedHat_10.yml
diff --git a/roles/ssh_hardening/vars/RedHat_10.yml b/roles/ssh_hardening/vars/RedHat_10.yml
new file mode 100644
index 000000000..5bffd0c1a
--- /dev/null
+++ b/roles/ssh_hardening/vars/RedHat_10.yml
@@ -0,0 +1,26 @@
+---
+ssh_pkgs:
+ - openssh
+sshd_path: /usr/sbin/sshd
+ssh_host_keys_dir: /etc/ssh
+sshd_service_name: sshd
+ssh_owner: root
+ssh_group: root
+ssh_host_keys_owner: root
+ssh_host_keys_group: root
+ssh_host_keys_mode: "0600"
+ssh_selinux_packages:
+ - policycoreutils-python-utils
+ - checkpolicy
+
+# true if SSH support Kerberos
+ssh_kerberos_support: true
+
+# true if SSH has PAM support
+ssh_pam_support: true
+
+sshd_moduli_file: /etc/ssh/moduli
+
+# disable CRYPTO_POLICY to take settings from sshd configuration
+# see: https://access.redhat.com/solutions/4410591
+sshd_disable_crypto_policy: true
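Review bot: The comment above `sshd_disable_crypto_policy: true` names the `CRYPTO_POLICY` variable and links a Red Hat solution that, as far as I know, was written for RHEL 8, whereas later RHEL releases appear to bring the system-wide crypto policy into sshd through a drop-in include rather than that variable. Nothing in this file shows which mechanism the role's task acts on, so it is worth confirming on a RHEL/AlmaLinux 10 host that the role's cipher, KEX and MAC lists are the ones actually in effect (the effective configuration printed by `sshd -T` shows this) and then rewording the comment to name the mechanism that applies to this release. Separately, because the commit is about host key handling, a short comment above `ssh_host_keys_owner`, for example `# host key files are root:root with mode 0600 on this release`, would record why these three values are set here instead of inheriting whatever default was applied before.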