Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

basessh: invent no_ed25519_key option

Browse source 
And re-configure copr-be-dev.
This commit is contained in:
Pavel Raiskup 2022-11-23 13:10:13 +01:00
parent e18fb4f5f3
commit 50a7bd5e58
3 changed files with 16 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

14
roles/basessh/templates/sshd_config
View file

@ -12,13 +12,23 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
{% endif %}
{% set ed25519_key=True %}
{% if ansible_hostname.startswith(('pkgs01','pagure02')) %}
{% set ed25519_key=False %}
{% endif %}
{% if no_ed25519_key is defined %}
{% set ed25519_key=False %}
{% endif %}
HostKey /etc/ssh/ssh_host_rsa_key
{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %}
{% if ed25519_key %}
HostKey /etc/ssh/ssh_host_ed25519_key
{% endif %}
HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %}
{% if ed25519_key %}
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
{% endif %}