From 7d8c04a8c81fe1338244e6cc537b9dc552c66ea9 Mon Sep 17 00:00:00 2001
From: L3D
Date: Mon, 8 Mar 2021 21:39:39 +0100
Subject: [PATCH] now using ansible builtin stuff to manage sshd

---
 tasks/keys.yml | 32 ++++++++++----------------------
 vars/main.yml  |  2 +-
 2 files changed, 11 insertions(+), 23 deletions(-)

diff --git a/tasks/keys.yml b/tasks/keys.yml
index 30d1e8e..bb286de 100644
--- a/tasks/keys.yml
+++ b/tasks/keys.yml
@@ -1,42 +1,30 @@
 ---
 - name: Generate new ssh host key pair if necessary
-  become: yes
-  command: ssh-keygen -t ecdsa -f 'ssh_host_{{ item }}_key' -P '' -q
-  args:
-    chdir: '/etc/ssh/'
-    creates: 'ssh_host_{{ item }}_key.pub'
-  notify:
-    - systemctl restart ssh
+  become: true
+  community.crypto.openssh_keypair:
+    path: "/etc/ssh/ssh_host_{{ item }}_key"
+    type: "{{ item }}"
   with_items: "{{ sshd__key_types }}"
   when:
     - sshd__manage_key_types | bool
-
-- name: Remove unwanted host keys
-  become: yes
-  file:
-    path: '/etc/ssh/ssh_host_{{ item }}_key'
-    state: absent
-  with_items:
-    - rsa
-    - dsa
   notify:
     - systemctl restart ssh
 
-- name: make sure the correct keys are available
-  file:
+- name: make sure only the correct keys are available
+  ansible.builtin.file:
     path: '/etc/ssh/ssh_host_{{ item }}_key'
     state: absent
-  become: yes
+  become: true
   with_items:
     - "{{ sshd__key_types_list | difference( sshd__key_types ) }}"
   notify:
     - systemctl restart ssh
 
-- name: make sure the correct pubkeys are available
-  file:
+- name: make sure only the correct pubkeys are available
+  ansible.builtin.file:
     path: '/etc/ssh/ssh_host_{{ item }}_key.pub'
     state: absent
-  become: yes
+  become: true
   with_items:
     - "{{ sshd__key_types_list | difference( sshd__key_types ) }}"
   notify:
diff --git a/vars/main.yml b/vars/main.yml
index 54a504c..12ea23e 100644
--- a/vars/main.yml
+++ b/vars/main.yml
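Review bot: The new `community.crypto.openssh_keypair` task sets only `path` and `type` and leaves `regenerate` at its default, so an existing host key whose size does not match the module's own per-type default (as I read the module docs the default is `partial_idempotence`, which regenerates on a type or size mismatch) can be silently replaced on a host that already has a key, and a rotated host key invalidates every client's known_hosts entry and trains users to click through "host key changed" warnings. Pin the behaviour so an existing key is never rotated implicitly, either by adding `regenerate: never  # never rotate an existing host key without an explicit decision` under the module args or by setting `size:` explicitly per key type so the comparison is deterministic. Unlike what the subject line says, `community.crypto` is not builtin: it has to be declared in the role's collection requirements and installed on the controller, which this diff does not show. Minor style: the new `path:` line uses double quotes while the `ansible.builtin.file` tasks in the same hunk keep single quotes for the same path pattern. The last task's `notify:` list continues outside the hunk.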
@@ -1,3 +1,3 @@
 ---
-playbook_version_number: 4099 # should be over ninethousand
+playbook_version_number: 4100 # should be over ninethousand
 playbook_version_path: 'role-sshd_chaos-bodensee_github.com.version'