Feature add: generate host keys with ssh-keygen

2024-11-25 04:20:18 +01:00 · 2015-11-05 09:22:22 +01:00 · 2015-11-05 09:22:22 +01:00 · 51859586a9
commit 51859586a9
parent b3df4fae54
3 changed files with 24 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -62,6 +62,18 @@ If set to False, a reload of sshd wont happen on change. This can help with
 troubleshooting. You'll need to manually reload sshd if you want to apply the
 changed configuration. Defaults to the same value as ``sshd_manage_service``.

+* sshd_generate_host_keys
+
+If set to True, host keys will be generated with ``ssh-keygen -A``. Defaults to
+*False*.
+
+* sshd_regenerate_host_keys
+
+This options implies ``sshd_generate_host_keys``.
+
+If set to True, host keys will be deleted and and rengenerated with
+``ssh-keygen -A``. Defaults to *False*.
+
 * sshd

 A dict containing configuration.  e.g.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -9,6 +9,10 @@ sshd_manage_service: "{{ false if ansible_virtualization_type == 'docker' else t
 sshd_allow_reload: "{{ sshd_manage_service }}"
 # If the below is false, don't manage /var/run/sshd directory
 sshd_manage_var_run: "{{ false if ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7' else true }}"
+# Don't generate host keys
+sshd_generate_host_keys: false
+# Don't regenerate host keys
+sshd_regenerate_host_keys: false
 # Empty dicts to avoid errors
 sshd: {}

--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -34,6 +34,14 @@
  tags:
    - sshd

+- name: Remove existing host keys
+  shell: rm -f /etc/ssh/ssh_host_*
+  when: sshd_regenerate_host_keys
+
+- name: Generate host keys
+  shell: ssh-keygen -A
+  when: sshd_generate_host_keys or sshd_regenerate_host_keys
+
 - name: Configuration
  template:
    src: sshd_config.j2