Commit graph

11 commits

Author SHA1 Message Date
Jakub Jelen
70a9daf916 Use only RSA hostkeys in RHEL6 2020-12-11 13:25:19 +01:00
Jakub Jelen
4b0935c9a1 RHEL6: Fix defaults 2020-12-11 13:25:19 +01:00
Jakub Jelen
dd820d1c24 Implement hostkey checks
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.

This is also helpful when running this role in containers, where
is no service running either.

The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.

This should fix #111
2020-11-16 11:10:16 +01:00
Jakub Jelen
f32003f051 Remove set_facts tasks not to polute global namespace
The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series

ttps://github.com/oasis-roles/meta_standards#ansible-best-practices
2020-11-06 12:04:41 +01:00
Jakub Jelen
71b3f87308 Add support for sysconfig on Fedora/RHEL
This is useful for opting out from system-wide cryto policy for SSH
or configuring advanced use case (strong RNG seed).

Fixes: #141
2020-10-06 21:11:39 +02:00
Nikolaos Kakouros
133543cc1f Renames variables for all supported platforms 2018-09-03 00:23:58 +02:00
Костырев Александр
70c45f0d6f fix type in AcceptEnv
default  AcceptEnv in RedHat includes LC_CTYPE but not LC_TYPE
2015-06-25 18:49:20 +03:00
Matt Willsher
849257c2f4 Add test for supported OS 2015-01-13 17:41:56 +00:00
Matt Willsher
3689ad7020 More distro supported, better docs 2014-12-22 20:19:44 +00:00
Matt Willsher
ed3556d028 Add openssh base pkg 2014-12-22 18:50:10 +00:00
Matt Willsher
2194672579 Add EL6 defaults 2014-12-22 10:05:09 +00:00