From 84a7bbe56e7f960158f352125d1df32b183e141a Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 3 Nov 2020 16:32:16 -0800
Subject: [PATCH] basessh: do not add new host key on pkgs01*
Signed-off-by: Kevin Fenzi
---
 roles/basessh/templates/sshd_config | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config
index 32b2ea1349..fcbb782855 100644
--- a/roles/basessh/templates/sshd_config
+++ b/roles/basessh/templates/sshd_config
@@ -13,10 +13,14 @@ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@op
 {% endif %}
 HostKey /etc/ssh/ssh_host_rsa_key
+{% if ansible_hostname != 'pkgs01' %}
 HostKey /etc/ssh/ssh_host_ed25519_key
+{% endif %}
 HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
+{% if ansible_hostname != 'pkgs01' %}
 HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+{% endif %}
 SyslogFacility AUTHPRIV
 LogLevel VERBOSE
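Review bot: The two added `{% if ansible_hostname != 'pkgs01' %}` guards hard-code a per-host exception in the shared sshd_config template, with no comment saying why pkgs01 serves only the RSA host key and certificate or when the exception can be dropped. A template comment above the first guard, for example `{# pkgs01: ed25519 host key and cert intentionally not offered; reason / removal condition: <fill in> #}`, would keep this from becoming a permanent silent downgrade on that host. The subject line says `pkgs01*`, but the test is exact equality on the short hostname, so any host whose short name differs (the inventory is not visible here) is not covered; that is worth confirming. Because the HostKey and HostCertificate lines must stay paired, one role variable checked in both places (constructed example name: `{% if basessh_ed25519_hostkey | default(true) %}`) would stop the two conditions drifting apart and move the exception into host vars.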