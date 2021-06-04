The SSH server is a critical, ubiquitous service that provides one of the main access points into Red Hat Enterprise Linux (RHEL) for management purposes. Over my career as a system administrator, I can not think of any RHEL systems I have worked on that were not running it. RHEL 8.4 adds new roles to manage the SSH server and SSH client configurations, which are the sshd and ssh roles, respectively. This post will walk you through an example of how to use the sshd RHEL system role to manage the SSH server configuration. In the next post, you’ll see how to adapt to different real-world scenarios where servers need a slightly different configuration. Why automate SSH server configuration? Having a properly configured and secured SSH server is a key component of hardening a RHEL system. This is why security benchmarks such as the CIS benchmark and DISA STIG specify SSH server configuration options that need to be set. This makes the SSH server a great candidate for automation. While it is possible to manually configure the SSH server, doing so is time consuming and prone to error. Additionally, if you manually configure SSH, there is no guarantee it will stay properly configured (e.g., when a fellow system administrator is troubleshooting and makes a few "temporary" changes to the configuration that end up being permanent). Red Hat introduced RHEL System Roles in RHEL 7. These are Ansible roles and collections that provide a stable and consistent interface to manage and automate multiple releases of RHEL. RHEL System Roles are a feature included in RHEL subscriptions and are supported by Red Hat.