Unbreak FIPS detection and hostkey filtering

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Jakub Jelen 2022-04-06 20:28:32 +02:00 committed by Jakub Jelen
parent 09f2c6a999
commit daa81ee84c


@ -41,9 +41,9 @@
- name: Make sure hostkeys are available and have expected permissions
vars: &share_vars
__sshd_fips_mode: >-
- __sshd_hostkeys_nofips | d([])
- __sshd_kernel_fips_mode.content | b64decode == "1" | bool or \
__sshd_userspace_fips_mode.content | b64decode != "0" | bool
{{ __sshd_hostkeys_nofips | d([]) and
(__sshd_kernel_fips_mode.content | d('MAo=') | b64decode | trim == '1' or
__sshd_userspace_fips_mode.content | d('MAo=') | b64decode | trim != '0') }}
# This mimics the macro body_option() in sshd_config.j2
# The explicit to_json filter is needed for Python 2 compatibility
__sshd_hostkeys_from_config: >-
@ -58,14 +58,14 @@
{{ __sshd_defaults['HostKey'] | to_json }}
{% endif %}
{% else %}
[]
{{ [] | to_json }}
{% endif %}
__sshd_verify_hostkeys: >-
{% if not sshd_verify_hostkeys %}
[]
{{ [] | to_json }}
{% elif sshd_verify_hostkeys == 'auto' %}
{% if sshd_HostKey is string %}
[ {{ __sshd_hostkeys_from_config }} ]
{% if __sshd_hostkeys_from_config | from_json is string %}
{{ [ __sshd_hostkeys_from_config | from_json ] | to_json }}
{% else %}
{{ __sshd_hostkeys_from_config }}
{% endif %}
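Review bot: In the first hunk the new `__sshd_fips_mode` expression defaults both `.content` lookups with `d('MAo=')`, and `MAo=` is base64 for `0\n`, so a FIPS flag that was never read (task skipped or file absent) is evaluated as "FIPS off". That makes the detection fail open, and the host keys listed in `__sshd_hostkeys_nofips` would presumably not be filtered on such a host. If this default is intended, document it above the `__sshd_fips_mode` key, for example `# 'MAo=' is base64 of "0\n": a missing .content is treated as FIPS disabled`. The value is also not always a boolean: when `__sshd_hostkeys_nofips` is empty the `and` yields the empty list itself, so `(__sshd_hostkeys_nofips | d([]) | length > 0) and (...)` would be clearer if any consumer outside this hunk tests it strictly. The `vars` mapping starts and ends outside the hunk, so how the value is consumed is not visible here.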