From 86a1c4f1e7846d33c8ea33076cd6b406819033f8 Mon Sep 17 00:00:00 2001
From: Mike van Goor <mvangoor@schubergphilis.com>
Date: Wed, 27 Nov 2024 14:32:29 +0100
Subject: [PATCH] in el9 the system security policies are added at the end of
 the sshd config and if we do not add a "Match all" it will be interpretted
 under the level of the match

Signed-off-by: Mike van Goor <mvangoor@schubergphilis.com>
---
 CHANGELOG.md              | 2 ++
 templates/sshd_config.erb | 1 +
 2 files changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8def3900..3bd4f1da 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@ This file is used to list changes made in each version of the openssh cookbook.
 
 ## Unreleased
 
+- In more recent enterprise linux (rhel, oel, etc) systems system policies are added at end of sshd config and therefor any match block needs to be closed
+
 ## 2.11.14 - *2024-11-18*
 
 Standardise files with files in sous-chefs/repo-management
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index 8a6f4f3a..43e6a101 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@@ -38,4 +38,5 @@ Match <%= match_key.sub(/^[0-9]+/, '').strip %>
 <%        end -%>
 <%      end -%>
 <%    end -%>
+Match all
 <%  end -%>