diff --git a/openssh-config/centos/build_srpm.data b/openssh-config/centos/build_srpm.data
new file mode 100644
index 0000000..da1e20b
--- /dev/null
+++ b/openssh-config/centos/build_srpm.data
@@ -0,0 +1,2 @@
+SRC_DIR="files"
+TIS_PATCH_VER=0
diff --git a/openssh-config/centos/openssh-config.spec b/openssh-config/centos/openssh-config.spec
new file mode 100644
index 0000000..70a6c6a
--- /dev/null
+++ b/openssh-config/centos/openssh-config.spec
@@ -0,0 +1,40 @@
+Summary: openssh-config
+Name: openssh-config
+Version: 1.0
+Release: %{tis_patch_ver}%{?_tis_dist}
+License: Apache-2.0
+Group: base
+Packager: StarlingX
+URL: unknown
+BuildArch: noarch
+Source: %name-%version.tar.gz
+
+Requires: %{_bindir}/systemctl
+Requires: openssh
+Summary: package StarlingX configuration files of openssh to system folder.
+
+%description
+package StarlingX configuration files of openssh to system folder.
+
+%prep
+%setup
+
+%build
+
+%install
+%{__install} -d %{buildroot}%{_datadir}/starlingx
+%{__install} -d %{buildroot}%{_sysconfdir}/systemd/system
+%{__install} -m 644 sshd.pam %{buildroot}%{_datadir}/starlingx/sshd.pam
+%{__install} -m 644 sshd.service %{buildroot}%{_sysconfdir}/systemd/system/sshd.service
+
+%post
+%define _pamconfdir %{_sysconfdir}/pam.d
+if [ $1 -eq 1 ] ; then
+ # Initial installation
+ cp -f %{_datadir}/starlingx/sshd.pam %{_pamconfdir}/sshd
+fi
+%{_bindir}/systemctl disable sshd.service > /dev/null 2>&1 || :
+
+%files
+%{_datadir}/starlingx/sshd.pam
+%{_sysconfdir}/systemd/system/sshd.service
diff --git a/openssh-config/files/sshd.pam b/openssh-config/files/sshd.pam
new file mode 100644
index 0000000..3d6ce0a
--- /dev/null
+++ b/openssh-config/files/sshd.pam
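Review bot: In `%post` of openssh-config.spec, `/etc/pam.d/sshd` is written only when `$1 -eq 1`, so a later release that changes `sshd.pam` updates the copy under `%{_datadir}/starlingx` but leaves the live PAM stack for sshd untouched on upgrade. The live file is also not listed in `%files`, so `rpm -V openssh-config` cannot report drift, and whichever package owns it (presumably the openssh server package) may replace it when that package is updated. If copy-once is intended, say so in a comment such as `# Copied once on purpose: upgrades must not overwrite a locally adjusted PAM stack`; otherwise drop the `if` so the copy also runs on upgrade. The scriptlet's exit status comes from the final `|| :` line, so a failed copy is silent; `cp -f %{_datadir}/starlingx/sshd.pam %{_pamconfdir}/sshd || exit 1` would surface it.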
@@ -0,0 +1,24 @@
+# WRSM-1.0
+
+auth include common-auth
+account required pam_nologin.so
+
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+account include common-account
+password include common-password
+session optional pam_keyinit.so force revoke
+session include common-session
+session required pam_loginuid.so
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
diff --git a/openssh-config/files/sshd.service b/openssh-config/files/sshd.service
new file mode 100644
index 0000000..5cba529
--- /dev/null
+++ b/openssh-config/files/sshd.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=OpenSSH server daemon
+Documentation=man:sshd(8) man:sshd_config(5)
+After=network.target sshd-keygen.service
+Wants=sshd-keygen.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/sshd
+ExecStart=/etc/init.d/sshd start
+ExecStop=/etc/init.d/sshd stop
+ExecReload=/bin/kill -HUP $MAINPID
+PIDFile=/var/run/sshd.pid
+KillMode=none
+#Restart=on-failure
+#RestartSec=42s
+
+[Install]
+WantedBy=multi-user.target
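Review bot: In sshd.pam, `session required pam_loginuid.so` sits after `session include common-session`, so any session module pulled in by that include runs before the audit login UID is set, and audit records it emits would presumably lack the user attribution. Moving `session required pam_loginuid.so` to directly under the `pam_selinux.so close` rule keeps the SELinux rule first, as the comment requires, and sets the login UID before the rest of the session stack. The four `include` targets (`common-auth`, `common-account`, `common-password`, `common-session`) are not added by this commit and the spec requires only systemctl and openssh. It is worth confirming which package provides them, since a missing include target would presumably make the whole sshd stack fail.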
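Review bot: The `[Service]` section of sshd.service sets `PIDFile=` and uses `$MAINPID` in `ExecReload=` but has no `Type=` line, so systemd defaults to `Type=simple` and treats the `/etc/init.d/sshd start` process, not the daemon it launches, as the main process. If the init script returns after starting sshd (presumably it does), the unit would be considered finished once the script exits and the reload signal would not reach sshd; adding `Type=forking` makes systemd track the daemon through the PID file. `KillMode=none` also means `systemctl stop` relies entirely on `/etc/init.d/sshd stop`: if that script fails, sshd can keep listening while the unit shows as inactive. A comment such as `# KillMode=none: the init script owns process teardown` with the reason would help the next reader.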