mirror of https://github.com/roles-ansible/ansible_collection_users.git synced 2024-08-16 10:29:50 +02:00
ansible_collection_users/roles/sshd/tasks/server_keys.yml

---
# Create one sshd host key pair per entry in l3d_users__sshd_server_key_types.
# Skipped entirely unless l3d_users__sshd_manage_server_key_types is truthy.
- name: Generate new ssh host key pair if necessary
  community.crypto.openssh_keypair:
    type: "{{ item }}"
    path: "/etc/ssh/ssh_host_{{ item }}_key"
    # Private host keys stay root-only; sshd refuses to load host keys that
    # other users can read.
    owner: 'root'
    group: root
    mode: '0600'
  become: true
  with_items: "{{ l3d_users__sshd_server_key_types }}"
  when: l3d_users__sshd_manage_server_key_types | bool
  # Any new or changed key triggers the restart handler so sshd picks it up.
  notify:
    - 'systemctl restart sshd'
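# Remove the private host key of every key type that is listed in
# l3d_users__sshd_key_types_list but not in l3d_users__sshd_server_key_types.
#
# Guards:
#   * l3d_users__sshd_manage_server_key_types is the same switch that gates
#     key generation in this file; without it the role would delete host keys
#     on hosts where key management is switched off.
#   * An empty l3d_users__sshd_server_key_types makes the difference equal to
#     the whole l3d_users__sshd_key_types_list, so every listed key would be
#     removed and nothing regenerated. sshd cannot start without a host key,
#     so skip deletion in that case.
#     NOTE(review): assumes l3d_users__sshd_key_types_list holds all key types
#     the role knows about; confirm against the role defaults.
- name: Make sure only the correct keys are available
  become: true
  ansible.builtin.file:
    path: '/etc/ssh/ssh_host_{{ item }}_key'
    state: absent
  loop: "{{ l3d_users__sshd_key_types_list | difference(l3d_users__sshd_server_key_types) }}"
  when:
    - l3d_users__sshd_manage_server_key_types | bool
    - l3d_users__sshd_server_key_types | length > 0
  notify:
    - 'systemctl restart sshd'

# Same selection and guards as the private-key cleanup, applied to the
# matching .pub files so no orphaned public host key is left behind.
- name: Make sure only the correct pubkeys are available
  become: true
  ansible.builtin.file:
    path: '/etc/ssh/ssh_host_{{ item }}_key.pub'
    state: absent
  loop: "{{ l3d_users__sshd_key_types_list | difference(l3d_users__sshd_server_key_types) }}"
  when:
    - l3d_users__sshd_manage_server_key_types | bool
    - l3d_users__sshd_server_key_types | length > 0
  notify:
    - 'systemctl restart sshd'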