simplify ssh host key configuration

master
Glenn K. Lockwood 4 years ago
parent 06c572ffc3
commit 426ac99b91
  1. 74
      roles/common/tasks/sshd.yml
  2. 5
      roles/common/vars/main.yml

@ -1,83 +1,31 @@
--- ---
#
# Set ssh host keys # Set ssh host keys
- name: initialize list of host keys to copy over #
set_fact:
ssh_host_keyfiles: []
tags: [ sshd ]
- name: find local copy of dsa host key
delegate_to: localhost
stat:
path: roles/common/files/etc/ssh/ssh_host_dsa_key.{{ myconfig.hostname }}
register: result
tags: [ sshd ]
- name: add dsa key to list if found
set_fact:
ssh_host_keyfiles: "{{ ssh_host_keyfiles }} + [ 'etc/ssh/ssh_host_dsa_key.{{ myconfig.hostname }}' ]"
when: result.stat.exists == true
tags: [ sshd ]
- name: find local copy of rsa host key
delegate_to: localhost
stat:
path: roles/common/files/etc/ssh/ssh_host_rsa_key.{{ myconfig.hostname }}
register: result
tags: [ sshd ]
- name: add rsa key to list if found
set_fact:
ssh_host_keyfiles: "{{ ssh_host_keyfiles }} + [ 'etc/ssh/ssh_host_rsa_key.{{ myconfig.hostname }}' ]"
when: result.stat.exists == true
tags: [ sshd ]
- name: find local copy of ed25519 host key
delegate_to: localhost
stat:
path: roles/common/files/etc/ssh/ssh_host_ed25519_key.{{ myconfig.hostname }}
register: result
tags: [ sshd ]
- name: add ed25519 key to list if found
set_fact:
ssh_host_keyfiles: "{{ ssh_host_keyfiles }} + [ 'etc/ssh/ssh_host_ed25519_key.{{ myconfig.hostname }}' ]"
when: result.stat.exists == true
tags: [ sshd ]
- name: find local copy of ecdsa host key
delegate_to: localhost
stat:
path: roles/common/files/etc/ssh/ssh_host_ecdsa_key.{{ myconfig.hostname }}
register: result
tags: [ sshd ]
- name: add ecdsa key to list if found
set_fact:
ssh_host_keyfiles: "{{ ssh_host_keyfiles }} + [ 'etc/ssh/ssh_host_ecdsa_key.{{ myconfig.hostname }}' ]"
when: result.stat.exists == true
tags: [ sshd ]
- name: set SSH host keys - name: set SSH host keys
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/{{ item }}" dest: "/{{ item.split('.')[0] }}"
owner: root owner: root
group: root group: root
mode: '0600' mode: '0600'
with_items: "{{ ssh_host_keyfiles }}" with_items: "{{ myconfig.ssh_host_key_files }}"
register: result register: result
when: "'ssh_host_key_files' in myconfig"
tags: [ sshd ] tags: [ sshd ]
- name: remove old SSH host public keys - name: remove old SSH host public keys
file: file:
path: "/{{ item }}.pub" path: "/{{ item.split('.')[0] }}.pub"
state: absent state: absent
with_items: "{{ ssh_host_keyfiles }}" with_items: "{{ myconfig.ssh_host_key_files }}"
when: result is changed when: "'ssh_host_key_files' in myconfig and result is changed"
tags: [ sshd ] tags: [ sshd ]
- name: regenerate SSH host public keys - name: regenerate SSH host public keys
shell: shell:
cmd: "ssh-keygen -y -f /{{ item }} > /{{ item }}.pub" cmd: "ssh-keygen -y -f /{{ item.split('.')[0] }} > /{{ item.split('.')[0] }}.pub"
creates: "/{{ item }}.pub" creates: "/{{ item }}.pub"
with_items: "{{ ssh_host_keyfiles }}" with_items: "{{ myconfig.ssh_host_key_files }}"
when: result is changed when: "'ssh_host_key_files' in myconfig and result is changed"
tags: [ sshd ] tags: [ sshd ]
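Review bot: The `creates:` guard on the "regenerate SSH host public keys" task still uses the unstripped `/{{ item }}.pub` while the command writes `/{{ item.split('.')[0] }}.pub`, so the guard never matches and the task reruns every time its `when` is true; the new side should read `creates: "/{{ item.split('.')[0] }}.pub"`. The same `item.split('.')[0]` derivation is now repeated five times across the three tasks, so a mis-edit in one place (as here) goes unnoticed; computing the destination once, e.g. via a `loop_control` var or a `set_fact` list of stripped names, would keep the copy, remove and regenerate steps in lockstep. Note also that `split('.')[0]` depends on the key path containing no dot before the per-host suffix; a short comment stating that assumption above the copy task, such as `# dest strips the ".<hostname>" suffix; key paths must contain no other dot`, would help the next maintainer.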

@ -19,6 +19,11 @@ macaddrs:
enable_serial_hw: True enable_serial_hw: True
enable_onewire: False enable_onewire: False
enable_rgpio: False enable_rgpio: False
ssh_host_key_files:
- etc/ssh/ssh_host_rsa_key.cloverdale
- etc/ssh/ssh_host_dsa_key.cloverdale
- etc/ssh/ssh_host_ecdsa_key.cloverdale
- etc/ssh/ssh_host_ed25519_key.cloverdale
b8:27:eb:39:d7:57: b8:27:eb:39:d7:57:
hostname: "clovermine" hostname: "clovermine"
domain: "local" domain: "local"
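Review bot: The new `ssh_host_key_files` list includes `etc/ssh/ssh_host_dsa_key.cloverdale`, but OpenSSH 7.0 and later disable ssh-dss host keys by default, so that entry is most likely dead configuration that still deploys a weak private key to `/etc/ssh`; dropping it from the list is the safer default. These entries name private host key material that the copy task in `roles/common/tasks/sshd.yml` reads from the role's files directory, so if that directory is committed alongside this file the keys should be vault-encrypted or kept out of the repository. The enclosing MAC-keyed mapping starts before the hunk, so whether the other hosts' entries need the same list cannot be judged from here.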
