diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/ansible/shared.yml index 81968afeebea..7b5a91c274e7 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/ansible/shared.yml @@ -4,12 +4,15 @@ # complexity = low # disruption = low {{{ ansible_instantiate_variables("var_ssh_client_rekey_limit_size", "var_ssh_client_rekey_limit_time") }}} +{{%- set sshc_main_config = ssh_client_main_config_file -%}} +{{%- set sshc_config_dir = ssh_client_config_dir -%}} +{{%- set sshc_rekey_config = ssh_client_config_dir ~ "/02-rekey-limit.conf" -%}} -{{{ ansible_lineinfile(msg='Ensure RekeyLimit is not configured in /etc/ssh/ssh_config', path='/etc/ssh/ssh_config', regex='^\s*RekeyLimit.*$', insensitive=false, create='no', state='absent', rule_title=rule_title) }}} +{{{ ansible_lineinfile(msg='Ensure RekeyLimit is not configured in ' ~ sshc_main_config, path=sshc_main_config, regex='^\s*RekeyLimit.*$', insensitive=false, create='no', state='absent', rule_title=rule_title) }}} - name: Collect all include config files for ssh client which configure RekeyLimit ansible.builtin.find: - paths: "/etc/ssh/ssh_config.d/" + paths: "{{{ sshc_config_dir }}}" contains: '^[\s]*RekeyLimit.*$' patterns: "*.config" register: ssh_config_include_files 
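Review bot: The find task that the new `paths: "{{{ sshc_config_dir }}}"` feeds still uses `patterns: "*.config"`, which never matches the `*.conf` drop-ins every other part of this rule works with (the bash remediation loops over `"$include_directory"/*.conf`, the OVAL object matches `.*\.conf$`, and the file written in the next hunk is `02-rekey-limit.conf`), so a RekeyLimit line in another include file survives the Ansible remediation while the bash one removes it. Change it to `patterns: "*.conf"`. The three `{{%- set … -%}}` lines also strip the blank lines on both sides, so the `ansible_lineinfile` output is emitted directly after the instantiate block; that is harmless only if that macro's output ends with a newline, which I cannot confirm from here — the rule.yml hunk of this same commit uses plain `{{% set … %}}` and sidesteps the question. The task's `register` is consumed in the next hunk, outside this one.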
@@ -21,4 +24,4 @@ state: "absent" loop: "{{ ssh_config_include_files.files }}" -{{{ ansible_lineinfile(msg='Ensure that rekey limit is set to {{ var_ssh_client_rekey_limit_size }} {{ var_ssh_client_rekey_limit_time }} in /etc/ssh/ssh_config.d/02-rekey-limit.conf', path='/etc/ssh/ssh_config.d/02-rekey-limit.conf', regex='^\s*RekeyLimit.*$', insensitive=false, new_line='RekeyLimit {{ var_ssh_client_rekey_limit_size }} {{ var_ssh_client_rekey_limit_time }}', create='yes', state='present', rule_title=rule_title) }}} +{{{ ansible_lineinfile(msg='Ensure that rekey limit is set to {{ var_ssh_client_rekey_limit_size }} {{ var_ssh_client_rekey_limit_time }} in ' ~ sshc_rekey_config, path=sshc_rekey_config, regex='^\s*RekeyLimit.*$', insensitive=false, new_line='RekeyLimit {{ var_ssh_client_rekey_limit_size }} {{ var_ssh_client_rekey_limit_time }}', create='yes', state='present', rule_title=rule_title) }}} diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/bash/shared.sh index 9662e8d55e4c..c50d21ab5242 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/bash/shared.sh @@ -1,9 +1,10 @@ # platform = multi_platform_all {{{ bash_instantiate_variables("var_ssh_client_rekey_limit_size", "var_ssh_client_rekey_limit_time") }}} +{{%- set sshc_rekey_config = ssh_client_config_dir ~ "/02-rekey-limit.conf" -%}} -main_config="/etc/ssh/ssh_config" -include_directory="/etc/ssh/ssh_config.d" +main_config="{{{ ssh_client_main_config_file }}}" +include_directory="{{{ ssh_client_config_dir }}}" if grep -q '^[\s]*RekeyLimit.*$' "$main_config"; then sed -i '/^[\s]*RekeyLimit.*/d' "$main_config" 
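Review bot: The `grep -q '^[\s]*RekeyLimit.*$' "$main_config"` and `sed -i '/^[\s]*RekeyLimit.*/d'` lines kept as context around the new `main_config=` assignment use `[\s]`, which inside a POSIX bracket expression is the two literal characters `\` and `s`, not a whitespace class; an indented `    RekeyLimit …` in the main config is therefore neither detected nor deleted, while the check side's `^[\s]*RekeyLimit.*$` (an OVAL pattern, evaluated Perl-style) does count it, so a host can stay non-compliant after remediation. Use `'^[[:space:]]*RekeyLimit'` in both expressions. The per-file loop in the next hunk starts outside this view; if it reuses the same pattern it needs the same change. The rendered `main_config`/`include_directory` assignments themselves look correct.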
@@ -15,4 +16,4 @@ for file in "$include_directory"/*.conf; do fi done -{{{ set_config_file(path="/etc/ssh/ssh_config.d/02-rekey-limit.conf", parameter="RekeyLimit", value='$var_ssh_client_rekey_limit_size $var_ssh_client_rekey_limit_time', create=true, insert_before="", insert_after="", insensitive=false, separator=" ", separator_regex="\s\+", prefix_regex="^\s*", rule_id=rule_id) }}} +{{{ set_config_file(path=sshc_rekey_config, parameter="RekeyLimit", value='$var_ssh_client_rekey_limit_size $var_ssh_client_rekey_limit_time', create=true, insert_before="", insert_after="", insensitive=false, separator=" ", separator_regex="\s\+", prefix_regex="^\s*", rule_id=rule_id) }}} diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/oval/shared.xml b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/oval/shared.xml index 83c8433fb153..01f49eb6842f 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/oval/shared.xml @@ -1,10 +1,13 @@ +{{%- set sshc_main_config = ssh_client_main_config_file -%}} +{{%- set sshc_config_dir = ssh_client_config_dir -%}} + - {{{ oval_metadata("Ensure 'RekeyLimit' is configured with the correct value in /etc/ssh/ssh_config and /etc/ssh/ssh_config.d/*.conf", rule_title=rule_title) }}} + {{{ oval_metadata("Ensure 'RekeyLimit' is configured with the correct value in " ~ sshc_main_config ~ " and " ~ sshc_config_dir ~ "/*.conf", rule_title=rule_title) }}} - - + + @@ -22,22 +25,23 @@ - + - /etc/ssh/ssh_config + {{{ sshc_main_config }}} ^[\s]*RekeyLimit.*$ 1 - + - ^/etc/ssh/ssh_config\.d/.*\.conf$ + {{{ sshc_config_dir }}} + .*\.conf$ 1 diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml index d9b564e17a4d..018a48cca00c 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml 
+++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml @@ -1,5 +1,8 @@ documentation_complete: true +{{% set sshc_main_config = ssh_client_main_config_file %}} +{{% set sshc_config_dir = ssh_client_config_dir %}} +{{% set sshc_rekey_config = ssh_client_config_dir ~ "/02-rekey-limit.conf" %}} title: 'Configure session renegotiation for SSH client' @@ -8,11 +11,11 @@ description: |- the session key is renegotiated, both in terms of amount of data that may be transmitted and the time elapsed. To decrease the default limits, put line - RekeyLimit {{{ xccdf_value("var_ssh_client_rekey_limit_size") }}} {{{ xccdf_value("var_ssh_client_rekey_limit_time") }}} to file /etc/ssh/ssh_config.d/02-rekey-limit.conf. + RekeyLimit {{{ xccdf_value("var_ssh_client_rekey_limit_size") }}} {{{ xccdf_value("var_ssh_client_rekey_limit_time") }}} to file {{{ sshc_rekey_config }}}. Make sure that there is no other RekeyLimit configuration preceding the include directive in the main config file - /etc/ssh/ssh_config. Check also other files in - /etc/ssh/ssh_config.d directory. Files are processed according to + {{{ sshc_main_config }}}. Check also other files in + {{{ sshc_config_dir }}} directory. Files are processed according to lexicographical order of file names. Make sure that there is no file processed before 02-rekey-limit.conf containing definition of RekeyLimit. @@ -37,12 +40,12 @@ ocil_clause: 'it is commented out or is not set' ocil: |- To check if RekeyLimit is set correctly, run the following command: -
$ sudo grep RekeyLimit /etc/ssh/ssh_config.d/*.conf
+
$ sudo grep RekeyLimit {{{ sshc_config_dir }}}/*.conf
If configured properly, output should be -
/etc/ssh/ssh_config.d/02-rekey-limit.conf:
+    
{{{ sshc_rekey_config }}}:
     RekeyLimit {{{ xccdf_value("var_ssh_client_rekey_limit_size") }}} {{{ xccdf_value("var_ssh_client_rekey_limit_time") }}}
Check also the main configuration file with the following command: -
$ sudo grep RekeyLimit /etc/ssh/ssh_config
+
$ sudo grep RekeyLimit {{{ sshc_main_config }}}
The command should not return any output. fixtext: |- @@ -53,4 +56,3 @@ fixtext: |- Restart the SSH daemon for the settings to take effect. $ sudo systemctl restart sshd.service - diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/bash/shared.sh index c90bd144ef7d..01445b652b99 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/bash/shared.sh @@ -1,14 +1,16 @@ # platform = multi_platform_ubuntu ssh_approved_ciphers="aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr" +{{% set sshc_cipher_list_config = ssh_client_config_dir ~ "/00-cipher-list.conf" %}} -main_config="/etc/ssh/ssh_config" -include_directory="/etc/ssh/ssh_config.d" +main_config="{{{ ssh_client_main_config_file }}}" +include_directory="{{{ ssh_client_config_dir }}}" +cipher_list_config="$include_directory/00-cipher-list.conf" sed -i '/^\s*[Cc]iphers.*/d' "$main_config" "$include_directory"/*.conf || true -if ! grep -qE '^[Hh]ost\s+\*$' /etc/ssh/ssh_config.d/00-cipher-list.conf; then - echo 'Host *' >> /etc/ssh/ssh_config.d/00-cipher-list.conf +if ! grep -qE '^[Hh]ost\s+\*$' "$cipher_list_config"; then + echo 'Host *' >> "$cipher_list_config" fi -{{{ set_config_file(path="/etc/ssh/ssh_config.d/00-cipher-list.conf", parameter="Ciphers", value='$ssh_approved_ciphers', create=true, insert_before="", insert_after="^Host\s+\*$", insensitive=false, separator=" ", separator_regex="\s\+", prefix_regex="^\s*", rule_id=rule_id) }}} +{{{ set_config_file(path=sshc_cipher_list_config, parameter="Ciphers", value='$ssh_approved_ciphers', create=true, insert_before="", insert_after="^Host\s+\*$", insensitive=false, separator=" ", separator_regex="\s\+", prefix_regex="^\s*", rule_id=rule_id) }}} 
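Review bot: The fixtext shown as context at the end of this file's diff still reads `Restart the SSH daemon for the settings to take effect.` followed by `$ sudo systemctl restart sshd.service`, yet this rule edits the client configuration ({{{ sshc_main_config }}} and {{{ sshc_config_dir }}}), which the ssh client reads each time it is invoked; restarting sshd neither applies this setting nor is required for it. Since the commit already touches that hunk (`@@ -53,4 +56,3 @@`, dropping a trailing blank line), replacing the two lines with something like `The setting applies to new ssh client sessions; no service restart is required.` would stop sending administrators to restart the server daemon. The OCIL wording changes in this hunk read fine.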
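Review bot: The file name `00-cipher-list.conf` now lives in two places that can drift apart — the Jinja `sshc_cipher_list_config` passed to `set_config_file(path=…)` and the shell `cipher_list_config="$include_directory/00-cipher-list.conf"` used by the grep/echo. Rendering the shell variable from the template value, `cipher_list_config="{{{ sshc_cipher_list_config }}}"`, keeps a single source, exactly as `main_config` and `include_directory` are rendered a few lines above. The same duplication is introduced in `ssh_use_approved_macs_ordered_stig/bash/shared.sh` (`mac_list_config` vs `sshc_mac_list_config`). Also, this hunk uses `{{% set … %}}` while the MACs script uses `{{%- set … -%}}`; one whitespace-control style across the commit would be clearer.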
diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/oval/shared.xml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/oval/shared.xml index 3d6471f483cd..6a17966e11de 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/oval/shared.xml @@ -1,40 +1,42 @@ {{%- if product == 'ubuntu2404' %}} {{%- set ssh_approved_ciphers="aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr" %}} {{%- endif %}} +{{%- set sshc_main_config = ssh_client_main_config_file -%}} +{{%- set sshc_config_dir = ssh_client_config_dir -%}} {{{ oval_metadata("Limit the ciphers to those which are FIPS-approved.", rule_title=rule_title) }}} - - - /etc/ssh/ssh_config + {{{ sshc_main_config }}} ^[ \t]*(?i)ciphers(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 - /etc/ssh/ssh_config.d + {{{ sshc_config_dir }}} .*\.conf$ ^[ \t]*(?i)ciphers(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/rule.yml index b390b8e81328..bc8f65cd23a0 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/rule.yml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_approved_ciphers_ordered_stig/rule.yml 
@@ -1,13 +1,14 @@ {{%- if product == 'ubuntu2404' %}} {{%- set ssh_approved_ciphers = "aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr" %}} {{%- endif %}} +{{%- set sshc_main_config = ssh_client_main_config_file -%}} documentation_complete: true title: 'Use Only FIPS 140-3 Validated Ciphers in SSH Client Configuration' description: |- Limit the ciphers to those algorithms which are FIPS-approved. - The following line in /etc/ssh/ssh_config + The following line in {{{ sshc_main_config }}} demonstrates use of FIPS-approved ciphers: {{%- if 'ubuntu' in product %}}
Ciphers {{{ ssh_approved_ciphers }}}
diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/bash/shared.sh index 8c4fa3715f4b..c5bef9fd205b 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/bash/shared.sh @@ -1,14 +1,16 @@ # platform = multi_platform_ubuntu {{{ bash_instantiate_variables("ssh_approved_macs") }}} +{{%- set sshc_mac_list_config = ssh_client_config_dir ~ "/00-mac-list.conf" -%}} -main_config="/etc/ssh/ssh_config" -include_directory="/etc/ssh/ssh_config.d" +main_config="{{{ ssh_client_main_config_file }}}" +include_directory="{{{ ssh_client_config_dir }}}" +mac_list_config="$include_directory/00-mac-list.conf" sed -i '/^\s*MACs.*/d' "$main_config" "$include_directory"/*.conf || true -if ! grep -qE '^[Hh]ost\s+\*$' /etc/ssh/ssh_config.d/00-mac-list.conf; then - echo 'Host *' >> /etc/ssh/ssh_config.d/00-mac-list.conf +if ! grep -qE '^[Hh]ost\s+\*$' "$mac_list_config"; then + echo 'Host *' >> "$mac_list_config" fi -{{{ set_config_file(path="/etc/ssh/ssh_config.d/00-mac-list.conf", parameter="MACs", value='$ssh_approved_macs', create=true, insert_before="", insert_after="^Host\s+\*$", insensitive=false, separator=" ", separator_regex="\s\+", prefix_regex="^\s*", rule_id=rule_id) }}} +{{{ set_config_file(path=sshc_mac_list_config, parameter="MACs", value='$ssh_approved_macs', create=true, insert_before="", insert_after="^Host\s+\*$", insensitive=false, separator=" ", separator_regex="\s\+", prefix_regex="^\s*", rule_id=rule_id) }}} diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/oval/shared.xml b/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/oval/shared.xml index be209a2537b6..a7dbbe5edee9 100644 
--- a/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/oval/shared.xml @@ -1,11 +1,14 @@ +{{%- set sshc_main_config = ssh_client_main_config_file -%}} +{{%- set sshc_config_dir = ssh_client_config_dir -%}} + {{{ oval_metadata("Limit the Message Authentication Codes (MACs) to those which are FIPS-approved.", rule_title=rule_title) }}} - - @@ -13,27 +16,27 @@ - /etc/ssh/ssh_config + {{{ sshc_main_config }}} ^[ \t]*(?i)MACs(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 - /etc/ssh/ssh_config.d + {{{ sshc_config_dir }}} .*\.conf$ ^[ \t]*(?i)MACs(?-i)[ \t]+(.+?)[ \t]*(?:$|#) 1 diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/rule.yml index 45de2c107a32..a3b143a1e57f 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/rule.yml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_use_approved_macs_ordered_stig/rule.yml @@ -1,10 +1,12 @@ documentation_complete: true +{{% set sshc_main_config = ssh_client_main_config_file %}} +{{%- set sshc_config_dir = ssh_client_config_dir -%}} title: 'Use Only FIPS 140-3 Validated MACs' description: |- Limit the MACs to those hash algorithms which are FIPS-approved. - The following line in /etc/ssh/ssh_config + The following line in {{{ sshc_main_config }}} demonstrates use of FIPS-approved MACs:
MACs {{{ ssh_approved_macs }}}
@@ -22,11 +24,10 @@ ocil_clause: 'MACs option is commented out or not using FIPS-approved hash algor ocil: |- Only FIPS-approved MACs should be used. To verify that only FIPS-approved MACs are in use, run the following command: -
$ sudo grep -ir macs /etc/ssh/ssh_config*
+
$ sudo grep -ir macs {{{ sshc_main_config }}} {{{ sshc_config_dir }}}
The output should contain only following MACs:
MACs {{{ xccdf_value("ssh_approved_macs") }}}
warnings: - general: |- The system needs to be rebooted for these changes to take effect. - diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/bash/shared.sh index 61cd291a5c59..bbc1f53d7c8d 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/bash/shared.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/bash/shared.sh @@ -1,7 +1,8 @@ # platform = multi_platform_all #the file starts with 02 so that it is loaded before the 05-redhat.conf which activates configuration provided by system vide crypto policy -file="/etc/ssh/ssh_config.d/02-ospp.conf" +{{% set sshc_crypto_policy_config = ssh_client_config_dir ~ "/02-ospp.conf" %}} +file="{{{ sshc_crypto_policy_config }}}" echo -e "Match final all\n\ RekeyLimit 512M 1h\n\ GSSAPIAuthentication no\n\ diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/oval/shared.xml b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/oval/shared.xml index f1227c5ef087..8700fda2e8be 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/oval/shared.xml +++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/oval/shared.xml @@ -4,6 +4,7 @@ #}} {{%- set suffix_id_default_not_overriden = "_default_not_overriden" -%}} {{%- set common_prefix_regex = "^Match final all(?:.*\n)*?\s*" -%}} +{{%- set sshc_crypto_policy_config = ssh_client_config_dir ~ "/02-ospp.conf" -%}} 
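Review bot: `file="{{{ sshc_crypto_policy_config }}}"` now points into a per-product `ssh_client_config_dir`, but nothing in this hunk ensures that directory exists before the `echo -e "Match final all\n…` block writes to it; the redirection continues past the hunk, so I cannot see whether a `mkdir` already follows. If none does, adding `mkdir -p "$(dirname "$file")"` before the echo keeps the remediation self-contained on products whose openssh package does not ship the drop-in directory. Deriving `file` from one template variable is otherwise a sound change.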
@@ -131,43 +132,43 @@ - {{{ oval_metadata("Ensure the ssh client ciphers are configured correctly in /etc/ssh/ssh_config.d/02-ospp.conf", rule_title=rule_title) }}} + {{{ oval_metadata("Ensure the ssh client ciphers are configured correctly in " ~ sshc_crypto_policy_config, rule_title=rule_title) }}} - {{{ hsccp_oval_line_in_file_criterion(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='Match') }}} - {{{ hsccp_oval_line_in_file_criterion(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='RekeyLimit') }}} - {{{ hsccp_oval_line_in_file_criterion(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='GSSAPIAuthentication') }}} - {{{ hsccp_oval_line_in_file_criterion(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='Ciphers') }}} - {{{ hsccp_oval_line_in_file_criterion(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='PubkeyAcceptedKeyTypes') }}} - {{{ hsccp_oval_line_in_file_criterion(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='MACs') }}} - {{{ hsccp_oval_line_in_file_criterion(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='KexAlgorithms') }}} + {{{ hsccp_oval_line_in_file_criterion(path=sshc_crypto_policy_config, parameter='Match') }}} + {{{ hsccp_oval_line_in_file_criterion(path=sshc_crypto_policy_config, parameter='RekeyLimit') }}} + {{{ hsccp_oval_line_in_file_criterion(path=sshc_crypto_policy_config, parameter='GSSAPIAuthentication') }}} + {{{ hsccp_oval_line_in_file_criterion(path=sshc_crypto_policy_config, parameter='Ciphers') }}} + {{{ hsccp_oval_line_in_file_criterion(path=sshc_crypto_policy_config, parameter='PubkeyAcceptedKeyTypes') }}} + {{{ hsccp_oval_line_in_file_criterion(path=sshc_crypto_policy_config, parameter='MACs') }}} + {{{ hsccp_oval_line_in_file_criterion(path=sshc_crypto_policy_config, parameter='KexAlgorithms') }}} - {{{ hsccp_oval_line_in_file_test(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='Match', missing_parameter_pass=false) }}} - {{{ 
hsccp_oval_line_in_file_object(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='Match', separator_regex='[\s]+', missing_parameter_pass=false) }}} + {{{ hsccp_oval_line_in_file_test(path=sshc_crypto_policy_config, parameter='Match', missing_parameter_pass=false) }}} + {{{ hsccp_oval_line_in_file_object(path=sshc_crypto_policy_config, parameter='Match', separator_regex='[\s]+', missing_parameter_pass=false) }}} {{{ hsccp_oval_line_in_file_state(parameter='Match', value='final all') }}} - {{{ hsccp_oval_line_in_file_test(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='RekeyLimit', missing_parameter_pass=false) }}} - {{{ hsccp_oval_line_in_file_object(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='RekeyLimit', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} + {{{ hsccp_oval_line_in_file_test(path=sshc_crypto_policy_config, parameter='RekeyLimit', missing_parameter_pass=false) }}} + {{{ hsccp_oval_line_in_file_object(path=sshc_crypto_policy_config, parameter='RekeyLimit', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} {{{ hsccp_oval_line_in_file_state(parameter='RekeyLimit', value='512M 1h') }}} - {{{ hsccp_oval_line_in_file_test(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='GSSAPIAuthentication', missing_parameter_pass=false) }}} - {{{ hsccp_oval_line_in_file_object(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='GSSAPIAuthentication', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} + {{{ hsccp_oval_line_in_file_test(path=sshc_crypto_policy_config, parameter='GSSAPIAuthentication', missing_parameter_pass=false) }}} + {{{ hsccp_oval_line_in_file_object(path=sshc_crypto_policy_config, parameter='GSSAPIAuthentication', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} {{{ hsccp_oval_line_in_file_state(parameter='GSSAPIAuthentication', value='no') }}} - {{{ 
hsccp_oval_line_in_file_test(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='Ciphers', missing_parameter_pass=false) }}} - {{{ hsccp_oval_line_in_file_object(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='Ciphers', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} + {{{ hsccp_oval_line_in_file_test(path=sshc_crypto_policy_config, parameter='Ciphers', missing_parameter_pass=false) }}} + {{{ hsccp_oval_line_in_file_object(path=sshc_crypto_policy_config, parameter='Ciphers', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} {{{ hsccp_oval_line_in_file_state(parameter='Ciphers', value='aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc') }}} - {{{ hsccp_oval_line_in_file_test(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='PubkeyAcceptedKeyTypes', missing_parameter_pass=false) }}} - {{{ hsccp_oval_line_in_file_object(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='PubkeyAcceptedKeyTypes', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} + {{{ hsccp_oval_line_in_file_test(path=sshc_crypto_policy_config, parameter='PubkeyAcceptedKeyTypes', missing_parameter_pass=false) }}} + {{{ hsccp_oval_line_in_file_object(path=sshc_crypto_policy_config, parameter='PubkeyAcceptedKeyTypes', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} {{{ hsccp_oval_line_in_file_state(parameter='PubkeyAcceptedKeyTypes', value='ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256') }}} - {{{ hsccp_oval_line_in_file_test(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='MACs', missing_parameter_pass=false) }}} - {{{ hsccp_oval_line_in_file_object(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='MACs', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} + {{{ hsccp_oval_line_in_file_test(path=sshc_crypto_policy_config, parameter='MACs', missing_parameter_pass=false) 
}}} + {{{ hsccp_oval_line_in_file_object(path=sshc_crypto_policy_config, parameter='MACs', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} {{{ hsccp_oval_line_in_file_state(parameter='MACs', value='hmac-sha2-512,hmac-sha2-256') }}} - {{{ hsccp_oval_line_in_file_test(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='KexAlgorithms', missing_parameter_pass=false) }}} - {{{ hsccp_oval_line_in_file_object(path='/etc/ssh/ssh_config.d/02-ospp.conf', parameter='KexAlgorithms', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} + {{{ hsccp_oval_line_in_file_test(path=sshc_crypto_policy_config, parameter='KexAlgorithms', missing_parameter_pass=false) }}} + {{{ hsccp_oval_line_in_file_object(path=sshc_crypto_policy_config, parameter='KexAlgorithms', separator_regex='[\s]+', missing_parameter_pass=false, prefix_regex=common_prefix_regex) }}} {{{ hsccp_oval_line_in_file_state(parameter='KexAlgorithms', value='ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1') }}} diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/rule.yml index 4d50c3ceca6e..2e7e19c30ae8 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/rule.yml 
@@ -1,10 +1,12 @@ documentation_complete: true +{{% set sshc_config_dir = ssh_client_config_dir %}} +{{% set sshc_crypto_policy_config = ssh_client_config_dir ~ "/02-ospp.conf" %}} title: 'Harden SSH client Crypto Policy' description: |- Crypto Policies are means of enforcing certain cryptographic settings for selected applications including OpenSSH client. - To override the system wide crypto policy for Openssh client, place a file in the /etc/ssh/ssh_config.d/ so that it is loaded before the 05-redhat.conf. In this case it is file named 02-ospp.conf containing parameters which need to be changed with respect to the crypto policy. + To override the system wide crypto policy for Openssh client, place a file in the {{{ sshc_config_dir }}} directory so that it is loaded before the 05-redhat.conf. In this case it is the {{{ sshc_crypto_policy_config }}} file containing parameters which need to be changed with respect to the crypto policy. This rule checks if the file exists and if it contains required parameters and values which modify the Crypto Policy. During the parsing process, as soon as Openssh client parses some configuration option and its value, it remembers it and ignores any subsequent overrides. The customization mechanism provided by crypto policies appends eventual customizations at the end of the system wide crypto policy. Therefore, if the crypto policy customization overrides some parameter which is already configured in the system wide crypto policy, the SSH client will not honor that customized parameter. @@ -28,7 +30,7 @@ ocil_clause: 'Crypto Policy for OpenSSH Client is not configured according to CC ocil: |- To verify if the OpenSSH Client uses defined Crypto Policy, run: -
$ cat /etc/ssh/ssh_config.d/02-ospp.conf
+
$ cat {{{ sshc_crypto_policy_config }}}
and verify that the line matches
Match final all
RekeyLimit 512M 1h
diff --git a/ssg/constants.py b/ssg/constants.py index f104ecec2c34..efe4d8981826 100644 --- a/ssg/constants.py +++ b/ssg/constants.py @@ -459,6 +459,8 @@ DEFAULT_FAILLOCK_PATH = '/var/run/faillock' DEFAULT_SSH_DISTRIBUTED_CONFIG = 'false' DEFAULT_SSH_RUNTIME_CHECK = 'false' +DEFAULT_SSH_CLIENT_MAIN_CONFIG_FILE = '/etc/ssh/ssh_config' +DEFAULT_SSH_CLIENT_CONFIG_DIR = '/etc/ssh/ssh_config.d' DEFAULT_PRODUCT = 'example' DEFAULT_CHRONY_CONF_PATH = '/etc/chrony.conf' DEFAULT_CHRONY_D_PATH = '/etc/chrony.d/' diff --git a/ssg/products.py b/ssg/products.py index 4c1e0c65367d..811c407309ed 100644 --- a/ssg/products.py +++ b/ssg/products.py @@ -17,6 +17,8 @@ DEFAULT_RSYSLOG_CAFILE, DEFAULT_SSH_DISTRIBUTED_CONFIG, DEFAULT_SSH_RUNTIME_CHECK, + DEFAULT_SSH_CLIENT_MAIN_CONFIG_FILE, + DEFAULT_SSH_CLIENT_CONFIG_DIR, DEFAULT_CHRONY_CONF_PATH, DEFAULT_CHRONY_D_PATH, DEFAULT_AUDISP_CONF_PATH, @@ -111,6 +113,12 @@ def _get_implied_properties(existing_properties): if "sshd_runtime_check" not in existing_properties: result["sshd_runtime_check"] = DEFAULT_SSH_RUNTIME_CHECK + if "ssh_client_main_config_file" not in existing_properties: + result["ssh_client_main_config_file"] = DEFAULT_SSH_CLIENT_MAIN_CONFIG_FILE + + if "ssh_client_config_dir" not in existing_properties: + result["ssh_client_config_dir"] = DEFAULT_SSH_CLIENT_CONFIG_DIR + if "product" not in existing_properties: result["product"] = DEFAULT_PRODUCT diff --git a/tests/data/product_stability/alinux2.yml b/tests/data/product_stability/alinux2.yml index 5c49951cfdfc..6960324b82b7 100644 --- a/tests/data/product_stability/alinux2.yml +++ b/tests/data/product_stability/alinux2.yml @@ -39,6 +39,8 @@ init_system: systemd login_defs_path: /etc/login.defs nobody_gid: 65534 nobody_uid: 65534 +ssh_client_config_dir: /etc/ssh/ssh_config.d +ssh_client_main_config_file: /etc/ssh/ssh_config pam_faillock_conf_path: /etc/security/faillock.conf pkg_manager: yum pkg_manager_config_file: /etc/yum.conf 
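Review bot: `DEFAULT_SSH_CLIENT_CONFIG_DIR = '/etc/ssh/ssh_config.d'` is consumed by the rule templates in this commit as `ssh_client_config_dir ~ "/02-rekey-limit.conf"` and, apparently, as an OVAL object path, so the value must not end in `/` — unlike `DEFAULT_CHRONY_D_PATH = '/etc/chrony.d/'` a few lines below, which does. A product file that follows the chrony convention when overriding `ssh_client_config_dir` would render `…/ssh_config.d//02-rekey-limit.conf` and a mismatched OVAL path. Record the contract where the default is declared, e.g. `# no trailing slash: rule templates append "/<file>.conf" to this value`; `_get_implied_properties` in the products.py hunk on this same line only fills in absent keys, so a comment here is the cheaper safeguard.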
diff --git a/tests/data/product_stability/alinux3.yml b/tests/data/product_stability/alinux3.yml index 6a3f6906a444..72a448c989e2 100644 --- a/tests/data/product_stability/alinux3.yml +++ b/tests/data/product_stability/alinux3.yml @@ -39,6 +39,8 @@ init_system: systemd login_defs_path: /etc/login.defs nobody_gid: 65534 nobody_uid: 65534 +ssh_client_config_dir: /etc/ssh/ssh_config.d +ssh_client_main_config_file: /etc/ssh/ssh_config pam_faillock_conf_path: /etc/security/faillock.conf pkg_manager: yum pkg_manager_config_file: /etc/yum.conf diff --git a/tests/data/product_stability/anolis23.yml b/tests/data/product_stability/anolis23.yml index a75b269f7a1d..6c4496620903 100644 --- a/tests/data/product_stability/anolis23.yml +++ b/tests/data/product_stability/anolis23.yml @@ -38,6 +38,8 @@ init_system: systemd login_defs_path: /etc/login.defs nobody_gid: 65534 nobody_uid: 65534 +ssh_client_config_dir: /etc/ssh/ssh_config.d +ssh_client_main_config_file: /etc/ssh/ssh_config pam_faillock_conf_path: /etc/security/faillock.conf pkg_manager: yum pkg_manager_config_file: /etc/yum.conf diff --git a/tests/data/product_stability/anolis8.yml b/tests/data/product_stability/anolis8.yml index 3718ddc46c3e..74c0a87365aa 100644 --- a/tests/data/product_stability/anolis8.yml +++ b/tests/data/product_stability/anolis8.yml @@ -38,6 +38,8 @@ init_system: systemd login_defs_path: /etc/login.defs nobody_gid: 65534 nobody_uid: 65534 +ssh_client_config_dir: /etc/ssh/ssh_config.d +ssh_client_main_config_file: /etc/ssh/ssh_config pam_faillock_conf_path: /etc/security/faillock.conf pkg_manager: yum pkg_manager_config_file: /etc/yum.conf diff --git a/tests/data/product_stability/debian11.yml b/tests/data/product_stability/debian11.yml index e158e949bf47..7fd477a22772 100644 --- a/tests/data/product_stability/debian11.yml +++ b/tests/data/product_stability/debian11.yml 
@@ -43,6 +43,8 @@ login_defs_path: /etc/login.defs major_version_ordinal: 11 nobody_gid: 65534 nobody_uid: 65534 +ssh_client_config_dir: /etc/ssh/ssh_config.d +ssh_client_main_config_file: /etc/ssh/ssh_config pam_faillock_conf_path: /etc/security/faillock.conf pkg_manager: apt_get pkg_system: dpkg diff --git a/tests/data/product_stability/debian12.yml b/tests/data/product_stability/debian12.yml index 4433efbfa427..d4d023a77bdb 100644 --- a/tests/data/product_stability/debian12.yml +++ b/tests/data/product_stability/debian12.yml @@ -43,6 +43,8 @@ login_defs_path: /etc/login.defs major_version_ordinal: 12 nobody_gid: 65534 nobody_uid: 65534 +ssh_client_config_dir: /etc/ssh/ssh_config.d +ssh_client_main_config_file: /etc/ssh/ssh_config oval_feed_url: https://www.debian.org/security/oval/oval-definitions-bookworm.xml.bz2 pam_faillock_conf_path: /etc/security/faillock.conf pkg_manager: apt_get diff --git a/tests/data/product_stability/debian13.yml b/tests/data/product_stability/debian13.yml index f396cebdb375..33be9bc93c5e 100644 --- a/tests/data/product_stability/debian13.yml +++ b/tests/data/product_stability/debian13.yml @@ -44,6 +44,8 @@ login_defs_path: /etc/login.defs major_version_ordinal: 13 nobody_gid: 65534 nobody_uid: 65534 +ssh_client_config_dir: /etc/ssh/ssh_config.d +ssh_client_main_config_file: /etc/ssh/ssh_config oval_feed_url: https://www.debian.org/security/oval/oval-definitions-trixie.xml.bz2 pam_faillock_conf_path: /etc/security/faillock.conf pkg_manager: apt_get diff --git a/tests/data/product_stability/eks.yml b/tests/data/product_stability/eks.yml index 749fc432b180..20bffb95aa8b 100644 --- a/tests/data/product_stability/eks.yml +++ b/tests/data/product_stability/eks.yml 
@@ -47,6 +47,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_system: rpm
 platform_package_overrides:
diff --git a/tests/data/product_stability/example.yml b/tests/data/product_stability/example.yml
index 14d69b7c198f..9e7ba09c7695 100644
--- a/tests/data/product_stability/example.yml
+++ b/tests/data/product_stability/example.yml
@@ -40,6 +40,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/fedora.yml b/tests/data/product_stability/fedora.yml
index d0885a22d8ad..2f8b1e1143cc 100644
--- a/tests/data/product_stability/fedora.yml
+++ b/tests/data/product_stability/fedora.yml
@@ -75,6 +75,8 @@ latest_version: 38
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/firefox.yml b/tests/data/product_stability/firefox.yml
index 23f9456dbaf5..6002809a6e2a 100644
--- a/tests/data/product_stability/firefox.yml
+++ b/tests/data/product_stability/firefox.yml
@@ -38,6 +38,8 @@ grub_helper_executable: grubby
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 platform_package_overrides:
   aarch64_arch: null
diff --git a/tests/data/product_stability/ocp4.yml b/tests/data/product_stability/ocp4.yml
index b0f8c5866d48..c35afa6f3187 100644
--- a/tests/data/product_stability/ocp4.yml
+++ b/tests/data/product_stability/ocp4.yml
@@ -147,6 +147,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_system: rpm
 platform_package_overrides:
diff --git a/tests/data/product_stability/ol7.yml b/tests/data/product_stability/ol7.yml
index 4d692ffb7ca5..1096df073e56 100644
--- a/tests/data/product_stability/ol7.yml
+++ b/tests/data/product_stability/ol7.yml
@@ -44,6 +44,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 7
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://linux.oracle.com/security/oval/com.oracle.elsa-ol7.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
diff --git a/tests/data/product_stability/ol8.yml b/tests/data/product_stability/ol8.yml
index f3ac4181da82..6141a4763625 100644
--- a/tests/data/product_stability/ol8.yml
+++ b/tests/data/product_stability/ol8.yml
@@ -34,6 +34,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 8
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://linux.oracle.com/security/oval/com.oracle.elsa-ol8.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
diff --git a/tests/data/product_stability/ol9.yml b/tests/data/product_stability/ol9.yml
index 1bf88e99cfd9..00554b94a7f0 100644
--- a/tests/data/product_stability/ol9.yml
+++ b/tests/data/product_stability/ol9.yml
@@ -37,6 +37,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 9
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://linux.oracle.com/security/oval/com.oracle.elsa-ol9.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
diff --git a/tests/data/product_stability/openembedded.yml b/tests/data/product_stability/openembedded.yml
index 344874dfc136..93bf99eee86c 100644
--- a/tests/data/product_stability/openembedded.yml
+++ b/tests/data/product_stability/openembedded.yml
@@ -51,6 +51,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/opensuse.yml b/tests/data/product_stability/opensuse.yml
index 9174e81bd4df..cd2d44dde1a5 100644
--- a/tests/data/product_stability/opensuse.yml
+++ b/tests/data/product_stability/opensuse.yml
@@ -47,6 +47,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: zypper
 pkg_manager_config_file: /etc/zypp/zypper.conf
diff --git a/tests/data/product_stability/rhcos4.yml b/tests/data/product_stability/rhcos4.yml
index ccb1445bee05..85572c162b9c 100644
--- a/tests/data/product_stability/rhcos4.yml
+++ b/tests/data/product_stability/rhcos4.yml
@@ -41,6 +41,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/rhel10.yml b/tests/data/product_stability/rhel10.yml
index 1e96007149d5..9fc747fe5f06 100644
--- a/tests/data/product_stability/rhel10.yml
+++ b/tests/data/product_stability/rhel10.yml
@@ -47,6 +47,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 10
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/rhel8.yml b/tests/data/product_stability/rhel8.yml
index 519c9ece1ffb..8cbc461cc6c0 100644
--- a/tests/data/product_stability/rhel8.yml
+++ b/tests/data/product_stability/rhel8.yml
@@ -97,6 +97,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 8
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/rhel9.yml b/tests/data/product_stability/rhel9.yml
index 6e23814da258..a5088f4c88cb 100644
--- a/tests/data/product_stability/rhel9.yml
+++ b/tests/data/product_stability/rhel9.yml
@@ -53,6 +53,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 9
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/rhv4.yml b/tests/data/product_stability/rhv4.yml
index 18a495e60dde..bd5c00c62f74 100644
--- a/tests/data/product_stability/rhv4.yml
+++ b/tests/data/product_stability/rhv4.yml
@@ -46,6 +46,8 @@ init_system: systemd
 login_defs_path: /etc/login.defs
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/sle12.yml b/tests/data/product_stability/sle12.yml
index fd1c6c58f621..cf5900a55079 100644
--- a/tests/data/product_stability/sle12.yml
+++ b/tests/data/product_stability/sle12.yml
@@ -46,6 +46,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 12
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.12-patch.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: zypper
diff --git a/tests/data/product_stability/sle15.yml b/tests/data/product_stability/sle15.yml
index df80c5c692d4..0906c99bdd8a 100644
--- a/tests/data/product_stability/sle15.yml
+++ b/tests/data/product_stability/sle15.yml
@@ -47,6 +47,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 15
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.15-patch.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: zypper
diff --git a/tests/data/product_stability/ubuntu2204.yml b/tests/data/product_stability/ubuntu2204.yml
index 7010b1dae93a..686db2a838ab 100644
--- a/tests/data/product_stability/ubuntu2204.yml
+++ b/tests/data/product_stability/ubuntu2204.yml
@@ -44,6 +44,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 2204
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://security-metadata.canonical.com/oval/com.ubuntu.jammy.usn.oval.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get
diff --git a/tests/data/product_stability/ubuntu2404.yml b/tests/data/product_stability/ubuntu2404.yml
index 9918311b1913..f1cd45e5d536 100644
--- a/tests/data/product_stability/ubuntu2404.yml
+++ b/tests/data/product_stability/ubuntu2404.yml
@@ -45,6 +45,8 @@ login_defs_path: /etc/login.defs
 major_version_ordinal: 2404
 nobody_gid: 65534
 nobody_uid: 65534
+ssh_client_config_dir: /etc/ssh/ssh_config.d
+ssh_client_main_config_file: /etc/ssh/ssh_config
 oval_feed_url: https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get