mirror of
https://github.com/roles-ansible/ansible_role_sshd.git
synced 2024-08-16 11:59:49 +02:00
manage ssh host keys
This commit is contained in:
Lilian Roller
parent
9768133a23
commit
1ab79c4b78
6 changed files with 38 additions and 36 deletions
|
|
@ -8,10 +8,10 @@ sshd:
|
|||
manage_key_types: true
|
||||
# choose ssh server allowed key types
|
||||
key_types:
|
||||
- ed25519
|
||||
# - rsa
|
||||
# - ecdsa
|
||||
# - dsa # (do not use!)
|
||||
- 'ed25519'
|
||||
# - 'rsa'
|
||||
# - 'ecdsa'
|
||||
# - 'dsa' # (do not use!)
|
||||
|
||||
key_algorithmus:
|
||||
- 'ssh-ed25519-cert-v01@openssh.com'
|
||||
|
|
|
|||
|
|
@ -43,7 +43,6 @@
|
|||
with_items: "{{ sshd.key_types }}"
|
||||
when:
|
||||
- sshd.manage_key_types | bool
|
||||
- pause:
|
||||
|
||||
- name: Remove unwanted host keys
|
||||
become: yes
|
||||
|
|
@ -56,49 +55,22 @@
|
|||
notify:
|
||||
- systemctrl restart ssh
|
||||
|
||||
- name: Remove unwanted host keys
|
||||
become: yes
|
||||
file:
|
||||
path: '/etc/ssh/ssh_host_{{ item }}_key'
|
||||
state: absent
|
||||
with_items:
|
||||
- ecdsa
|
||||
- rsa
|
||||
- dsa
|
||||
notify:
|
||||
- systemctrl restart ssh
|
||||
when:
|
||||
- not generate_ecdsa_too | bool
|
||||
- ansible_distribution_release != 'wheezy'
|
||||
- do_not_delete_legacy_ssh_keys | bool
|
||||
|
||||
- name: make sure the correct keys are available
|
||||
file:
|
||||
path: '/etc/ssh/ssh_host_{{ item }}_key.pub'
|
||||
path: '/etc/ssh/ssh_host_{{ item }}_key'
|
||||
state: absent
|
||||
become: yes
|
||||
with_items:
|
||||
- ecdsa
|
||||
- rsa
|
||||
- dsa
|
||||
- "{{ sshd_key_types_list | difference( sshd.key_types ) }}"
|
||||
notify:
|
||||
- systemctrl restart ssh
|
||||
when:
|
||||
- not generate_ecdsa_too | bool
|
||||
- ansible_distribution_release != 'wheezy'
|
||||
- do_not_delete_legacy_ssh_keys | bool
|
||||
|
||||
- name: make sure the correct keys are available except ecdsa
|
||||
- name: make sure the correct pubkeys are available
|
||||
file:
|
||||
path: '/etc/ssh/ssh_host_{{ item }}_key.pub'
|
||||
state: absent
|
||||
become: yes
|
||||
with_items:
|
||||
- rsa
|
||||
- dsa
|
||||
- "{{ sshd_key_types_list | difference( sshd.key_types ) }}"
|
||||
notify:
|
||||
- systemctrl restart ssh
|
||||
when:
|
||||
- generate_ecdsa_too | bool
|
||||
- ansible_distribution_release != 'wheezy'
|
||||
- do_not_delete_legacy_ssh_keys | bool
|
||||
|
|
|
|||
|
|
@ -1,2 +1,10 @@
|
|||
---
|
||||
sshd_service: sshd
|
||||
sshd_key_types_list:
|
||||
- ed25519
|
||||
- rsa
|
||||
- ecdsa
|
||||
- dsa
|
||||
|
||||
sshd_xauth:
|
||||
- xorg-xauth
|
||||
|
|
|
|||
|
|
@ -1,2 +1,10 @@
|
|||
---
|
||||
sshd_service: sshd
|
||||
sshd_key_types_list:
|
||||
- ed25519
|
||||
- rsa
|
||||
- ecdsa
|
||||
- dsa
|
||||
|
||||
sshd_xauth:
|
||||
- xorg-xauth
|
||||
|
|
|
|||
|
|
@ -1,4 +1,10 @@
|
|||
---
|
||||
sshd_service: ssh
|
||||
sshd_key_types_list:
|
||||
- ed25519
|
||||
- rsa
|
||||
- ecdsa
|
||||
- dsa
|
||||
|
||||
sshd_xauth:
|
||||
- xorg-xauth
|
||||
|
|
|
|||
|
|
@ -1,2 +1,10 @@
|
|||
---
|
||||
sshd_service: sshd
|
||||
sshd_key_types_list:
|
||||
- ed25519
|
||||
- rsa
|
||||
- ecdsa
|
||||
- dsa
|
||||
|
||||
sshd_xauth:
|
||||
- xorg-xauth
|
||||
|
|
|
|||
Loading…
Reference in a new issue