coredotbin/ansible-role-openssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases 2 Wiki Activity

Update hostkey templating

Browse Source 
Multiple HostKeys can now be defined as a list, instead of allowing only one custom HostKey entry
This commit is contained in:
Corbin Bartsch 2023-10-29 14:01:22 -04:00
parent 4f4c5676e9
commit 9da630d612
Signed by: coredotbin
GPG Key ID: 32D3B80A08D93212
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
defaults/main.yaml
View File

@ -7,6 +7,11 @@ openssh_address_family: any
openssh_listen_addresses:
- 0.0.0.0
openssh_hostkeys:
- /etc/ssh/ssh_host_ed25519_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_rsa_key
openssh_allow_groups: ssh
openssh_login_grace_time: 20
openssh_permit_root_login: 'no'

10
templates/sshd_config.j2
View File

@ -6,12 +6,10 @@ AddressFamily {{ openssh_address_family }}
ListenAddress {{ a }}
{% endfor %}
{% if openssh_hostkey_file is defined %}
HostKey {{ openssh_hostkey_file }}
{% else %}
HostKey /etc/ssh/openssh_host_ecdsa_key
HostKey /etc/ssh/openssh_host_ed25519_key
HostKey /etc/ssh/openssh_host_rsa_key
{% if openssh_hostkeys is defined %}
{% for hostkey in openssh_hostkeys %}
HostKey {{ hostkey }}
{% endfor %}
{% endif %}
{% if openssh_kexalgorithms is defined %}