Jinja syntax error when running ssh_hardening #886

@sdwilsh

Description

When running the ssh_hardening role, both the ssh_config and sshd_config templates fail.

Reproduction steps

---
- hosts: ...
  roles:
    - role: devsec.hardening.ssh_hardening
      vars:
        ssh_kerberos_supprt: false
        ssh_listen_to:
          - 0.0.0.0
        ssh_pkgs: [] # Installed and managed via bootc-based image.

Current Behavior

TASK [devsec.hardening.ssh_hardening : Create sshd_config and set permissions to root/600] ******************************************************************************************************
[ERROR]: Task failed: Syntax error in template: TemplateOverrides.trim_blocks must be <class 'bool'> instead of <class 'str'>

Task failed.
Origin: /workspaces/ansible-playbooks/external_collections/ansible_collections/devsec/hardening/roles/ssh_hardening/tasks/hardening.yml:69:3

67   when: ssh_server_hardening | bool
68
69 - name: Create sshd_config and set permissions to root/600
     ^ column 3

<<< caused by >>>

Syntax error in template: TemplateOverrides.trim_blocks must be <class 'bool'> instead of <class 'str'>
Origin: /workspaces/ansible-playbooks/external_collections/ansible_collections/devsec/hardening/roles/ssh_hardening/templates/opensshd.conf.j2

Expected Behavior

This should run to completion.

OS / Environment

I'm running in an Ubuntu-based dev container connecting to a fedora-bootc-based host.

Ansible Version

ansible [core 2.19.0]
  config file = /workspaces/ansible-playbooks/ansible.cfg
  configured module search path = ['/home/vscode/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.13/site-packages/ansible
  ansible collection location = /workspaces/ansible-playbooks/external_collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.13.5 (main, Jul  1 2025, 05:26:47) [GCC 12.2.0] (/usr/local/bin/python3.13)
  jinja version = 3.1.6
  pyyaml version = 6.0.2 (with libyaml v0.2.5)

Collection Version

10.3.0

Additional information

...
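
Added example, not part of the original issue or of the devsec.hardening collection: the error above reports that a `trim_blocks` override reached the template engine as a string instead of a bool. Assuming the override comes from a first-line `#jinja2:` header in the template (Ansible's per-template override syntax; the header contents are not shown in this issue), this check flags boolean options written as quoted strings. The sample headers and the `BOOL_KEYS` set are constructed for the example.

```python
import ast

HEADER = "#jinja2:"
# Jinja2 environment options that take booleans (assumed subset for this example).
BOOL_KEYS = {"trim_blocks", "lstrip_blocks"}


def check_overrides(template_text):
    """Return (key, problem) tuples for a first-line '#jinja2:' override header."""
    first_line = template_text.split("\n", 1)[0]
    if not first_line.startswith(HEADER):
        return []  # no override header, nothing to validate
    problems = []
    for pair in first_line[len(HEADER):].split(","):
        if not pair.strip():
            continue
        key, sep, raw = pair.partition(":")
        key, raw = key.strip(), raw.strip()
        if not sep or not key:
            problems.append((pair.strip(), "not a key: value pair"))
            continue
        try:
            # Values are read as Python literals, so "true" (quoted) is a str
            # and bare lowercase true is not a literal at all.
            value = ast.literal_eval(raw)
        except (ValueError, SyntaxError):
            problems.append((key, f"value {raw!r} is not a Python literal"))
            continue
        if key in BOOL_KEYS and not isinstance(value, bool):
            problems.append((key, f"must be bool, got {type(value).__name__}"))
    return problems


# Constructed sample templates (not copied from the collection).
QUOTED = '#jinja2: trim_blocks: "true", lstrip_blocks: "true"\nPort 22\n'
TYPED = "#jinja2: trim_blocks: True, lstrip_blocks: True\nPort 22\n"

if __name__ == "__main__":
    for name, text in (("quoted", QUOTED), ("typed", TYPED)):
        print(name, check_overrides(text) or "ok")
```

Running this over every `*.j2` file in a role before upgrading ansible-core shows which templates would fail at render time rather than partway through a hardening run.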
