Hello All,
The SSH daemon configuration (sshd_config) check, does not work if there are „Match“ directives in the sshd_config, like in this example…
cat /etc/ssh/sshd_config
[…]
PasswordAuthentication no
[…]
Match Group 123_sftp_only
PasswordAuthentication yes
In this cases the agent to outputs data like this…
[…]
PasswordAuthentication: noyes
[…]
Therefore the check is always “Critical”, no matter if “Allow password authentication” is configured Yes or No.
A potential solution would be to base the agent on the output of “/sbin/sshd -T -C user=root” (user to be configurable), instead of relying on the content of sshd_config.
The sshd output is more consistent in content and ignores upper/lowercase.