From 48f0c7db53f8a2856f1a081a721c721599a6e800 Mon Sep 17 00:00:00 2001
From: Ionut Pruteanu <ionut.pruteanu@siemens.com>
Date: Fri, 19 Jan 2024 16:11:02 +0200
Subject: [PATCH] Using again the default values used by Lockdown for sshd
 vars, as they shouldn't be altered

Signed-off-by: Ionut Pruteanu <ionut.pruteanu@siemens.com>
---
 defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 4ffa634..888fdd8 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1016,11 +1016,11 @@ rhel9cis_sshd:
     # This variable sets the maximum number of unresponsive "keep-alive" messages
     # that can be sent from the server to the client before the connection is considered
     # inactive and thus, closed.
-    clientalivecountmax: 3
+    clientalivecountmax: 0
     # This variable sets the time interval in seconds between sending "keep-alive"
     # messages from the server to the client. These types of messages are intended to
     # keep the connection alive and prevent it being terminated due to inactivity.
-    clientaliveinterval: 300
+    clientaliveinterval: 900
     # This variable specifies the amount of seconds allowed for successful authentication to
     # the SSH server.
     logingracetime: 60