From 259a1734aebab0b810a86848bd7f0573dc440415 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 3 Nov 2020 14:59:21 -0800
Subject: [PATCH] bastion02: try resigning and using better host certs.

Signed-off-by: Kevin Fenzi
---
 roles/basessh/templates/sshd_config | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config
index 45f316a1db..510d54fe0e 100644
--- a/roles/basessh/templates/sshd_config
+++ b/roles/basessh/templates/sshd_config
@@ -13,7 +13,14 @@ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@op
 {% endif %}
 HostKey /etc/ssh/ssh_host_rsa_key
+{% if ansible_hostname == 'bastion02' %}
+HostKey /etc/ssh/ssh_host_ed25519_key
+{% endif %}
+
 HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
+{% if ansible_hostname == "bastion02" %}
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+{% endif %}
 SyslogFacility AUTHPRIV
 LogLevel VERBOSE
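Review bot: The two added conditionals compare `ansible_hostname` with a literal, once as `'bastion02'` and once as `"bastion02"`; because `ansible_hostname` is the short host name, any machine in any environment that carries that short name would also get the Ed25519 `HostKey` and `HostCertificate` lines. A host or group variable would make the opt-in explicit and keep host names out of the shared template, for example `{% if basessh_ed25519_hostcert | default(false) %}` on both blocks (the variable name is a placeholder, not something defined in this repository as far as the hunk shows). Nothing visible here establishes that `/etc/ssh/ssh_host_ed25519_key-cert.pub` has been signed and installed before this template is rendered, so it is worth confirming that the signing step runs first and that the rendered file is checked with `sshd -t` before the service is reloaded on a bastion. A one-line comment above the first block, such as `# Ed25519 host key + CA-signed cert: trial on bastion02 only`, would tell the next reader why this host differs from the rest.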