WIP/POC: RAN Hardening (High): Top 5 SSHD

[sebrandon1]

Based on changes from: #339

I'm breaking down the high level compliance remediation objects into smaller and more manageable and reviewable YAML files. I asked AI to help me break down the 5 highest priority flags from #339 and put them in their own individual files.

Files Added

• 75-sshd_config-base.yaml - Enables the /etc/ssh/sshd_config.d/ include directory for modular SSH configuration management

• 76-sshd-disable-root-login.yaml - Disables direct root SSH access (PermitRootLogin no), forcing use of privilege escalation for administrative tasks

• 77-sshd-disable-password-auth.yaml - Disables password-based authentication (PasswordAuthentication no, PermitEmptyPasswords no) to prevent brute-force attacks, password spraying, and credential stuffing

• 78-sshd-session-timeout.yaml - Implements automatic session timeout after 5 minutes of inactivity (ClientAliveInterval 300, ClientAliveCountMax 0) to prevent abandoned session hijacking

• 79-sshd-enable-pubkey-auth.yaml - Explicitly enables public key authentication (PubkeyAuthentication yes) as the primary authentication method

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sebrandon1
Once this PR has been reviewed and has the lgtm label, please assign lack for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sebrandon1]

Closing in favor of: #466