Bug
Resolution: Unresolved
Minor
Using the latest version of compliance operator 1.8, some sshd-related checks fail even though all the configuration is in place and the remediations have been applied.
oc get compliancecheckresults | grep FAIL
openssh-unificata-hardening-master-sshd-allow-only-protocol2 FAIL high
openssh-unificata-hardening-master-sshd-disable-rhosts-rsa FAIL medium
openssh-unificata-hardening-master-sshd-use-priv-separation FAIL medium
openssh-unificata-hardening-worker-sshd-allow-only-protocol2 FAIL high
openssh-unificata-hardening-worker-sshd-disable-rhosts-rsa FAIL medium
openssh-unificata-hardening-worker-sshd-use-priv-separation FAIL medium
Looking at the nodes, the files are configured as expected.
Protocol 2
sh-5.1# grep -ri RhostsRSAAuthentication sshd_config
RhostsRSAAuthentication no
sh-5.1# grep -ri privilegesepa sshd_config
UsePrivilegeSeparation sandbox
This is probably due to the refactoring of the sshd checks.
https://github.com/ComplianceAsCode/compliance-operator/pull/978/files
In fact, in the newer version the checks rely on the output of 'sshd -T'.
sh-5.1# sshd -T 2>&1 | grep -i protocol
sh-5.1# sshd -T 2>&1 | grep -i separa
/etc/ssh/sshd_config.d/00-complianceascode-UsePrivilegeSeparation.conf line 1: Deprecated option UsePrivilegeSeparation
/etc/ssh/sshd_config line 152: Deprecated option UsePrivilegeSeparation
sh-5.1# sshd -T 2>&1 | grep -i rsaauth
/etc/ssh/sshd_config.d/00-complianceascode-RhostsRSAAuthentication.conf line 1: Deprecated option RhostsRSAAuthentication
/etc/ssh/sshd_config line 155: Deprecated option RhostsRSAAuthentication
/etc/ssh/sshd_config.d/00-complianceascode-RhostsRSAAuthentication.conf line 1: Deprecated option RhostsRSAAuthentication
reprocess config line 155: Deprecated option RhostsRSAAuthentication
The sshd version installed is OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022
Would it be possible to avoid performing those checks at all, starting from the OpenSSH version that made those settings the defaults?
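Added example, not code from this report or from the compliance-operator project: a small POSIX shell audit that reads the same source the refactored checks do, the combined stdout and stderr of `sshd -T`, and separates three cases that a grep over sshd_config cannot tell apart. A keyword is "set" when sshd prints it (lowercased) as an effective setting, "deprecated" when sshd only emits a "Deprecated option <Keyword>" warning and ignores it, and "absent" when it prints nothing at all (which is what the report shows for Protocol). The sample dump below is constructed for offline runs; its warning lines follow the shape of those in the report, while the effective settings in it are invented. The function names and the verdict labels (PASS, FAIL, NOTAPPLICABLE, UNKNOWN) are this example's own.

```shell
#!/bin/sh
# Added example (not compliance-operator code). Classify how the running sshd
# treats a configuration keyword, from the output of `sshd -T 2>&1`:
#   set=<value>  : present in the effective configuration
#   deprecated   : sshd prints "Deprecated option <Keyword>" and ignores it
#   absent       : not reported at all (e.g. Protocol on OpenSSH 8.7)
#
# Constructed sample of `sshd -T 2>&1` for offline runs. The warning lines are
# shaped after the report; the effective settings are invented.
SAMPLE_SSHD_T='port 22
permitrootlogin no
usepam yes
authorizedkeysfile .ssh/authorized_keys .ssh/authorized_keys2
/etc/ssh/sshd_config.d/00-complianceascode-UsePrivilegeSeparation.conf line 1: Deprecated option UsePrivilegeSeparation
/etc/ssh/sshd_config line 152: Deprecated option UsePrivilegeSeparation
/etc/ssh/sshd_config line 155: Deprecated option RhostsRSAAuthentication'

# classify_sshd_option KEYWORD [DUMP]
# DUMP defaults to a live `sshd -T 2>&1`; pass a captured dump for testing.
classify_sshd_option() {
    key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    dump=${2:-$(sshd -T 2>&1)}
    # Effective settings are printed as "keyword value..." in lowercase;
    # keep everything after the keyword so multi-word values survive.
    value=$(printf '%s\n' "$dump" |
        awk -v k="$key" 'tolower($1) == k { sub(/^[^ ]+ +/, ""); print; exit }')
    if [ -n "$value" ]; then
        printf 'set=%s\n' "$value"
    elif printf '%s\n' "$dump" | grep -qi "Deprecated option $1\$"; then
        printf 'deprecated\n'
    else
        printf 'absent\n'
    fi
}

# audit_sshd_setting KEYWORD EXPECTED [DUMP]
# PASS / FAIL compare the effective value (case-insensitively) with EXPECTED.
# NOTAPPLICABLE means sshd no longer honours the keyword, so a value written
# to sshd_config proves nothing either way. UNKNOWN means sshd -T is silent
# about the keyword, so the effective value cannot be read from it.
# Returns 0 for PASS or NOTAPPLICABLE, 1 for FAIL or UNKNOWN.
audit_sshd_setting() {
    state=$(classify_sshd_option "$1" "${3:-}")
    case $state in
        set=*)
            actual=${state#set=}
            if [ "$(printf '%s' "$actual" | tr '[:upper:]' '[:lower:]')" = \
                 "$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" ]; then
                printf 'PASS %s=%s\n' "$1" "$actual"
                return 0
            fi
            printf 'FAIL %s=%s (expected %s)\n' "$1" "$actual" "$2"
            return 1 ;;
        deprecated)
            printf 'NOTAPPLICABLE %s (deprecated in this sshd)\n' "$1"
            return 0 ;;
        *)
            printf 'UNKNOWN %s not reported by sshd -T (expected %s)\n' "$1" "$2"
            return 1 ;;
    esac
}

# Demo: the three settings from the failing checks plus one ordinary one,
# evaluated against the constructed sample instead of a live sshd.
for kv in "Protocol 2" "RhostsRSAAuthentication no" \
          "UsePrivilegeSeparation sandbox" "PermitRootLogin no"; do
    set -- $kv
    audit_sshd_setting "$1" "$2" "$SAMPLE_SSHD_T" || true
done
```

Run it on a node without the third argument (for example `audit_sshd_setting PermitRootLogin no`) and the functions fall back to the live `sshd -T 2>&1`. The point of the three-way split is the middle case: when sshd itself reports a keyword as deprecated, neither a PASS nor a FAIL is meaningful, which is the situation the three failing checks above are in.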