Tags: ssh, puppet, sshd

How to override sshd_config defaults via puppet


I have installed the openssh rpms.

In the default sshd_config file, I do not see an "Include" directive in it. Also, "/etc/ssh/sshd_config.d" is not created by the rpm. So what I did is create the /etc/ssh/sshd_config.d directory and add "Include /etc/ssh/sshd_config.d/*.conf" as the last line of /etc/ssh/sshd_config. I am using puppet to override the default sshd_config file by setting the sshd_config_path parameter of the puppet ssh module to "/etc/sshd_config.d/01_sshd_config.conf". The ssh module of puppet just takes a copy of the sshd_config file and replaces the lines as per the puppet configuration. With this I face issues like conflicting & duplicate values for many sshd_config settings. It would be really helpful if someone could help me out with this issue. Thanks in advance!!

Adding the Include directive at the top also doesn't solve my problem. I am aware of the sshd man page note:

the first obtained value for each parameter is used in sshd: order matters only when conflicting parameters exist, as the first obtained value for each parameter is used


Solution

  • In the default sshd_config file, I do not see an "Include" directive in it. grep -nr "Include" /etc/ssh/sshd_config returns nothing. Also "/etc/ssh/sshd_config.d" is not created by the rpm.

    I don't find that particularly surprising. The logical contents of sshd_config are order- and context-sensitive, so although there is an Include directive available, using it to provide for generic drop-in sshd configuration files doesn't work very well. I could see a more targeted approach involving drop-in files, perhaps, but not what you're actually trying to do.

    Nevertheless, ...

    what I did is created /etc/ssh/sshd_config.d directory and added this "Include /etc/ssh/sshd_config.d/*.conf" in last line of /etc/ssh/sshd_config.

    ... sure, you can do that if you want. But this ...

    I am using puppet to override the default sshd_config file by setting sshd_config_path parameter in puppet ssh module to "/etc/sshd_config.d/custom_sshd_config.conf".

    ... seems both to misrepresent fact and to be unwise. In the first place, no, you are not overriding the default config file. That suggests that sshd would use the config file you specify instead of /etc/sshd/sshd_config, but clearly that's not happening. What you are doing is simply telling Puppet to manage a different file instead.

    In the second place, doing that in the way you are doing it is downright begging for exactly the kind of problem you observe: duplicate / inconsistent configuration. You're managing /etc/sshd_config.d/custom_sshd_config.conf as if it were a complete sshd configuration file (because that's what the module does), yet the only way it gets used at all is by being included by the main config file.

    It's not clear how you even expect to gain anything from this, when you could simply manage the regular config file directly. You say that you can't do that, but you already are doing it, in the sense that you are placing an Include directive in it that was not provided by the RPM.

    What I expect is "the Include directive file should behave like overrides of the default sshd_config". Is there any way to automate this in puppet, like whenever an sshd configuration is overridden in the custom_sshd_config file, that setting gets commented out in the default sshd_config so that it is really overridden?

    The module you're using (see also below) does not do this, and I don't see why it would. If you're going to modify the main config file anyway, then why would you not put the configuration directives you want there? Or if indeed you must not modify that file, then why are you proposing an approach that involves modifying it (further)?

    One way to move forward would be to indeed change which file sshd uses for its main config file. You could do that on EL8 by managing sshd's systemd unit file to add an appropriate -f option to the sshd command line it uses.

    Or if you're ok with modifying /etc/ssh/sshd_config after all, but you still want drop-in files, then you could consider removing everything but the Include directive from the main config file, and otherwise proceeding as you already are doing.

    But if you want exactly what you describe, then you'll need to write your own module to handle it.

    Speaking of modules, though, the one you linked to is a less-maintained and little used fork of the massively popular, Puppet-approved one by ghoneycutt. At this point, the two are out of sync. Unless you need something that's not in ghoneycutt's version, I would strongly suggest switching.
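One way to see the first-value-wins rule the answer relies on, as an added example that is not part of the question, the answer, or either Puppet module: a small Python script that resolves an sshd_config the way sshd(8) documents it (Include expanded in place, the first value for each keyword wins, global section only) and reports every keyword that is set more than once, so the dead copies become visible. The directory layout, file names and values it writes are constructed for the demo; the only sshd behaviour it assumes is the one quoted in the question plus the documented rule that relative Include paths resolve against /etc/ssh.

```python
"""Emulate sshd's 'first obtained value wins' rule across Include files.

Added example, not code from the question, the answer or either Puppet module.
It writes a constructed vendor-style sshd_config plus one drop-in file to a
temporary directory, resolves the effective global value of every keyword the
way sshd(8) documents it, and reports every keyword that is set more than once
so the dead copies become visible. Only the global section is audited: the
first Match directive in processing order ends it, because values inside a
Match block apply to matching connections only.
"""
import glob
import os
import re
import tempfile

SSHDIR = "/etc/ssh"  # sshd resolves relative Include paths against this directory


def _walk(path, state):
    """Yield (keyword_lower, value, 'file:line') in sshd's processing order,
    expanding Include directives in place."""
    real = os.path.realpath(path)
    if real in state["seen"]:  # guard against Include loops
        return
    state["seen"].add(real)
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            if state["in_match"]:  # an included file already hit a Match block
                return
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            m = re.match(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$", line)
            if not m:
                continue  # keyword without a value; not relevant to the audit
            keyword, value = m.group(1).lower(), m.group(2).strip()
            if keyword == "match":
                state["in_match"] = True
                return
            if keyword == "include":
                for pattern in value.split():
                    if not os.path.isabs(pattern):
                        pattern = os.path.join(SSHDIR, pattern)
                    for included in sorted(glob.glob(pattern)):
                        yield from _walk(included, state)
                continue
            yield keyword, value, f"{path}:{lineno}"


def resolve(main_config):
    """Return (effective, occurrences): effective maps keyword -> (value, source)
    that sshd will use; occurrences lists every (value, source) in order."""
    effective, occurrences = {}, {}
    for keyword, value, source in _walk(main_config, {"seen": set(), "in_match": False}):
        occurrences.setdefault(keyword, []).append((value, source))
        effective.setdefault(keyword, (value, source))  # first wins; later copies are dead
    return effective, occurrences


def conflicts(occurrences):
    """Keywords set more than once with differing values."""
    return {k: v for k, v in occurrences.items() if len({val for val, _ in v}) > 1}


def effective_value(main_config, keyword):
    """Value sshd would use for keyword, or None if it is never set."""
    return resolve(main_config)[0].get(keyword.lower(), (None, None))[0]


def build_demo(include_at_top):
    """Constructed files for the demo: a vendor-style main config and one
    drop-in that tries to harden PermitRootLogin and PasswordAuthentication."""
    root = tempfile.mkdtemp(prefix="sshd_cfg_demo_")
    dropin_dir = os.path.join(root, "sshd_config.d")
    os.mkdir(dropin_dir)
    with open(os.path.join(dropin_dir, "01_override.conf"), "w") as fh:
        fh.write("PermitRootLogin no\nPasswordAuthentication no\n")
    include = f"Include {dropin_dir}/*.conf\n"
    vendor = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\nX11Forwarding no\n"
    main = os.path.join(root, "sshd_config")
    with open(main, "w") as fh:
        fh.write(include + vendor if include_at_top else vendor + include)
    return main


if __name__ == "__main__":
    for top in (False, True):
        main = build_demo(include_at_top=top)
        effective, occurrences = resolve(main)
        print(f"Include at the {'top' if top else 'bottom'} of sshd_config:")
        for keyword, copies in conflicts(occurrences).items():
            value, source = effective[keyword]
            dead = ", ".join(f"{v!r} ({s})" for v, s in copies[1:])
            print(f"  {keyword}: sshd uses {value!r} from {source}; ignored: {dead}")
```

With the Include at the bottom, the drop-in's PermitRootLogin no and PasswordAuthentication no are exactly the "ignored" entries, which is the silent failure the question describes; with the Include at the top, the drop-in wins and the vendor lines become the dead ones, and the audit still flags them so the duplication is visible. To audit a real host, call resolve("/etc/ssh/sshd_config") with read permission on the files, and compare the result against sshd -T -f /etc/ssh/sshd_config, which prints the values the daemon itself resolves to.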