--- # Whether to accept password auth; ‹yes› or ‹no› ssh_server_auth_password_authentication: "no" # Whether to allow ‹root› login; ‹yes› or ‹no› ssh_server_auth_permit_root_login: "no" # Whether to setup trusted CA (against the HashiCorp Vault instance) ssh_server_auth_trusted_ca: true # Default port where the SSH daemon runs; also adjusts the SELinux policy ssh_server_port: 10022 # [TODO]: Whether to sign the host keys (against the HashiCorp Vault instance) ssh_server_sign_host_keys: true