coredotbin/ansible-role-openssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases 2 Wiki Activity

Update hostkey templating

Browse Source 
Multiple HostKeys can now be defined as a list, instead of allowing only one custom HostKey entry
This commit is contained in:
Corbin Bartsch 2023-10-29 14:01:22 -04:00
parent 4f4c5676e9
commit 9da630d612
Signed by: coredotbin
GPG Key ID: 32D3B80A08D93212
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
defaults/main.yaml
View File

@ -7,6 +7,11 @@ openssh_address_family: any
openssh_listen_addresses: openssh_listen_addresses:
- 0.0.0.0 - 0.0.0.0
openssh_hostkeys:
- /etc/ssh/ssh_host_ed25519_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_rsa_key
openssh_allow_groups: ssh openssh_allow_groups: ssh
openssh_login_grace_time: 20 openssh_login_grace_time: 20
openssh_permit_root_login: 'no' openssh_permit_root_login: 'no'

10
templates/sshd_config.j2
View File

@ -6,12 +6,10 @@ AddressFamily {{ openssh_address_family }}
ListenAddress {{ a }} ListenAddress {{ a }}
{% endfor %} {% endfor %}
{% if openssh_hostkey_file is defined %} {% if openssh_hostkeys is defined %}
HostKey {{ openssh_hostkey_file }} {% for hostkey in openssh_hostkeys %}
{% else %} HostKey {{ hostkey }}
HostKey /etc/ssh/openssh_host_ecdsa_key {% endfor %}
HostKey /etc/ssh/openssh_host_ed25519_key
HostKey /etc/ssh/openssh_host_rsa_key
{% endif %} {% endif %}
{% if openssh_kexalgorithms is defined %} {% if openssh_kexalgorithms is defined %}