From aa5e7e86ee5f63f76b7cede9953f2d2a1c8c9d76 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 7 Dec 2022 15:19:57 -0800 Subject: [PATCH] bashssh: revert hack from 11006 and see if it is really fixed by quoting we did with new ansible Signed-off-by: Kevin Fenzi --- inventory/group_vars/copr_all_instances_aws | 3 --- roles/basessh/templates/sshd_config | 14 ++------------ 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/inventory/group_vars/copr_all_instances_aws b/inventory/group_vars/copr_all_instances_aws index e7bb4c4925..a29b40c4d8 100644 --- a/inventory/group_vars/copr_all_instances_aws +++ b/inventory/group_vars/copr_all_instances_aws @@ -1,5 +1,2 @@ # Put here configuration for all copr instances (production, devel, ...) --- - -# TODO: https://pagure.io/fedora-infrastructure/issue/11006 -no_ed25519_key: 1 diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config index 9f03284ede..bd6f809365 100644 --- a/roles/basessh/templates/sshd_config +++ b/roles/basessh/templates/sshd_config @@ -12,23 +12,13 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh. MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com {% endif %} -{% set ed25519_key=True %} - -{% if ansible_hostname.startswith(('pkgs01','pagure02')) %} -{% set ed25519_key=False %} -{% endif %} - -{% if no_ed25519_key is defined %} -{% set ed25519_key=False %} -{% endif %} - HostKey /etc/ssh/ssh_host_rsa_key -{% if ed25519_key %} +{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %} HostKey /etc/ssh/ssh_host_ed25519_key {% endif %} HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub -{% if ed25519_key %} +{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %} HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub {% endif %}