diff --git a/README.md b/README.md
index 992d94d..83ba412 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,18 @@ If set to False, a reload of sshd wont happen on change. This can help with
 troubleshooting. You'll need to manually reload sshd if you want to apply the
 changed configuration. Defaults to the same value as ``sshd_manage_service``.
+* sshd_generate_host_keys
+
+If set to True, host keys will be generated with ``ssh-keygen -A``. Defaults to
+*False*.
+
+* sshd_regenerate_host_keys
+
+This options implies ``sshd_generate_host_keys``.
+
+If set to True, host keys will be deleted and and rengenerated with
+``ssh-keygen -A``. Defaults to *False*.
+
 * sshd
 A dict containing configuration. e.g.
diff --git a/defaults/main.yml b/defaults/main.yml
index 62ca56d..e3179aa 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -9,6 +9,10 @@ sshd_manage_service: "{{ false if ansible_virtualization_type == 'docker' else t
 sshd_allow_reload: "{{ sshd_manage_service }}"
 # If the below is false, don't manage /var/run/sshd directory
 sshd_manage_var_run: "{{ false if ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7' else true }}"
+# Don't generate host keys
+sshd_generate_host_keys: false
+# Don't regenerate host keys
+sshd_regenerate_host_keys: false
 # Empty dicts to avoid errors
 sshd: {}
diff --git a/tasks/main.yml b/tasks/main.yml
index 3310b1d..5021da5 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -34,6 +34,14 @@
 tags:
 - sshd
+- name: Remove existing host keys
+ shell: rm -f /etc/ssh/ssh_host_*
+ when: sshd_regenerate_host_keys
+
+- name: Generate host keys
+ shell: ssh-keygen -A
+ when: sshd_generate_host_keys or sshd_regenerate_host_keys
+
 - name: Configuration
 template:
 src: sshd_config.j2
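Review bot: The two new comments in defaults/main.yml restate the default value (`# Don't generate host keys`) rather than what the option does, so a reader still has to open tasks/main.yml to learn that `sshd_regenerate_host_keys` deletes every `/etc/ssh/ssh_host_*` file on each run. Replace them with `# Generate any missing host keys with "ssh-keygen -A"` and `# Delete all host keys and regenerate them on every run; implies sshd_generate_host_keys` so the destructive option is documented where it is set.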
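Review bot: `shell: rm -f /etc/ssh/ssh_host_*` followed by `shell: ssh-keygen -A` rotates the server's SSH identity on every run while `sshd_regenerate_host_keys` is true, so the pair is never idempotent and every client gets a host-key-changed warning each run, which is exactly the warning users should not be trained to click through. Nothing in the hunk notifies a restart either, and sshd only reads host keys at start-up, so when the Configuration template (whose task continues past the hunk) is unchanged the daemon presumably keeps serving the deleted keys until something else restarts it; the role's existing restart handler should be notified by both tasks. The deletion is better expressed with `find` plus `file: state=absent` than a shell glob, and the generate step needs no shell at all, so `command` with a `creates:` guard makes the plain-generate case idempotent (at the cost of not filling in a single missing key type when the guarded one already exists).
```yaml
- name: Find existing host keys
  find:
    paths: /etc/ssh
    patterns: 'ssh_host_*'
  register: sshd_existing_host_keys
  when: sshd_regenerate_host_keys

- name: Remove existing host keys
  file:
    path: "{{ item.path }}"
    state: absent
  with_items: "{{ sshd_existing_host_keys.files | default([]) }}"
  when: sshd_regenerate_host_keys
  # notify the role's sshd restart handler here so the new keys are loaded

- name: Generate host keys
  command: ssh-keygen -A
  args:
    creates: /etc/ssh/ssh_host_rsa_key
  when: sshd_generate_host_keys or sshd_regenerate_host_keys
  # notify the same restart handler here

# … unchanged: Configuration task …
```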