I have several ESXi hosts that were upgraded from v6.7 to 7.0. I need to comply with DISA STIG Checklists for these servers. The ESXi STIG has not been updated for 7.0 as far as I am aware, so I have to make do with the old checklist.
There are 2 items I have difficulty with regarding SSH configuration. Most of the SSH settings are compliant out of the box, but the "MaxConnections" and "AcceptENV" options are either missing or commented out. If I try to add these to the sshd_config file, it saves, but as soon as I restart the sshd service, the config is wiped and restored to the previous version.
I understand why this is probably happening, but that does not remove the need for these settings so that I can report I am in compliance.
Is there some way to append these settings to the sshd_config that is persistent?
I have tried to use the DoD STIG VIB Fling in the past, but that seems to break the SSH service completely on ESXi v7.