+++ This bug was initially created as a clone of Bug #1611043 +++

Description of problem:
Undercloud should have RHEL default sshd_config

Current RHEL default sshd_config configuration is below.

~~~
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-server
~~~

On the other hand, after undercloud installation, sshd_config is changed to

~~~
# cat /etc/ssh/sshd_config
# File is managed by Puppet
Port 22
AcceptEnv LANG LC_*
ChallengeResponseAuthentication no
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
PrintMotd no
Subsystem sftp /usr/libexec/openssh/sftp-server
UsePAM yes
X11Forwarding yes
~~~

Especially SyslogFacility will change the target of log output from /var/log/secure to /var/log/messages.
This kind of change will make support and users confused.

Version-Release number of selected component (if applicable):
Current puppet-tripleo

How reproducible:
Every time after undercloud is deployed and restarted.

Steps to Reproduce:
0. Confirm current sshd_config.
1. Install and restart Undercloud.
2. Confirm the change of sshd_config and /var/log/messages has sshd logs.
3.

Actual results:
sshd logs are written to /var/log/messages.

Expected results:
sshd logs should be written to /var/log/secure as RHEL's default configuration does

--- Additional comment from Cédric Jeanneret on 2018-08-06 10:53:57 EDT ---

Hello,

Apparently something has already been done on that field, and has even been backported to previous versions:
https://review.openstack.org/#/q/I1d09530d69e42c0c36311789166554a889e46556
https://review.openstack.org/#/q/Ie2e01d93082509b8ede37297067eab03bb1ab06e

Care to provide your package version, especially for that one:
openstack-tripleo-heat-templates

Thank you!

Cheers,

C.

--- Additional comment from Keigo Noha on 2018-08-08 22:36:49 EDT ---

Hello Cédric,

My testing environment uses openstack-tripleo-heat-templates-8.0.2-43.el7ost.noarch.
In overcloud, the sshd_config doesn't have the same issue. Undercloud has the issue in sshd_config.

Best Regards,
Keigo Noha

--- Additional comment from Cédric Jeanneret on 2018-08-09 01:59:33 EDT ---

Hello Keigo,

Thank you for the precisions. Apparently also hitting openstack-tripleo-heat-templates-8.0.4-16.el7ost.noarch - I'll probably need to cherry-pick the commits I mentioned in my previous comment.

I'll keep you updated.

Cheers,

C.

--- Additional comment from Cédric Jeanneret on 2018-08-09 04:19:30 EDT ---

Hello Keigo,

After some more struggles, the affected package was wrong - on rhosp-13, the undercloud does not use tripleo-heat-templates as I thought, but "instack-undercloud".

I've proposed an upstream patch:
https://review.openstack.org/#/c/590182/

Once it's merged, I'll cherry-pick it into the relevant branches, and push it downstream for rhosp-13. It will hence take some time, as it must pass multiple validations.

Thank you for your patience.

Cheers,

C.
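Added example, not part of the original report or of the proposed patch: a drift check that lists the directives the Puppet-managed file dropped relative to the RHEL baseline and resolves where sshd authentication logs end up. The function names and the trimmed config excerpts are constructed for illustration; it assumes OpenSSH's documented fallback to facility AUTH when SyslogFacility is unset and the log routing described in the report.

```python
# Constructed excerpts of the two listings in the report (repeated HostKey,
# AcceptEnv and Subsystem lines trimmed; they do not affect the result).
BASELINE = """\
HostKey /etc/ssh/ssh_host_rsa_key
SyslogFacility AUTHPRIV
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
"""
MANAGED = """\
# File is managed by Puppet
Port 22
ChallengeResponseAuthentication no
HostKey /etc/ssh/ssh_host_rsa_key
PrintMotd no
UsePAM yes
X11Forwarding yes
"""

def parse(text):
    """Map lower-cased keyword -> list of values (sshd keywords are case-insensitive)."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def dropped(baseline, managed):
    """Keywords set in the baseline that the managed file no longer sets."""
    cur = parse(managed)
    return sorted(k for k in parse(baseline) if k not in cur)

def auth_log_target(text):
    """File that receives sshd logs, per the routing described in the report."""
    # Assumption: unset SyslogFacility means AUTH; sshd keeps the first value it reads.
    facility = parse(text).get("syslogfacility", ["AUTH"])[0].upper()
    return "/var/log/secure" if facility == "AUTHPRIV" else "/var/log/messages"

if __name__ == "__main__":
    print("dropped:", dropped(BASELINE, MANAGED))
    print("baseline ->", auth_log_target(BASELINE), "| managed ->", auth_log_target(MANAGED))
```

On a live host, feeding the same functions the output of `sshd -T` instead of the raw file compares effective settings rather than only what the file states.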