---
# Whether to accept password auth; ‹yes› or ‹no›
system_sshd_auth_password_authentication: "no"

# Whether to allow ‹root› login; ‹yes› or ‹no›
system_sshd_auth_permit_root_login: "no"

# Whether to setup trusted CA (against the HashiCorp Vault instance)
system_sshd_auth_trusted_ca: true

# Default port where the SSH daemon runs; also adjusts the SELinux policy
system_sshd_port: 10022

# [TODO]: Whether to sign the host keys (against the HashiCorp Vault instance)
system_sshd_sign_host_keys: true