Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

bashssh: revert hack from 11006 and see if it is really fixed by quoting we did with new ansible

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2022-12-07 15:19:57 -08:00
parent 99a074fe36
commit aa5e7e86ee
2 changed files with 2 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

14
roles/basessh/templates/sshd_config
View file

@ -12,23 +12,13 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
{% endif %}
{% set ed25519_key=True %}
{% if ansible_hostname.startswith(('pkgs01','pagure02')) %}
{% set ed25519_key=False %}
{% endif %}
{% if no_ed25519_key is defined %}
{% set ed25519_key=False %}
{% endif %}
HostKey /etc/ssh/ssh_host_rsa_key
{% if ed25519_key %}
{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %}
HostKey /etc/ssh/ssh_host_ed25519_key
{% endif %}
HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
{% if ed25519_key %}
{% if not ansible_hostname.startswith(('pkgs01','pagure02')) %}
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
{% endif %}