mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-11-08 12:53:29 +01:00
860e533713
Previously no hostkeys were checked if they were not present in the generated configuration file. When the drop-in directory is used, usually, there are no hostkeys in that file and no sanity check for hostkeys was executed. This amends the "auto" value for the hostkeys check to allow checking for default hostkeys that are read by OpenSSH by default. Signed-off-by: Jakub Jelen <jjelen@redhat.com>
19 lines
597 B
YAML
19 lines
597 B
YAML
---
|
|
sshd_packages:
|
|
- openssh
|
|
- openssh-server
|
|
sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
|
# RHEL 9 ships with drop-in directory support so we touch
|
|
# just included file with highest priority by default and have
|
|
# empty defaults
|
|
__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
|
__sshd_defaults:
|
|
__sshd_os_supported: yes
|
|
__sshd_verify_hostkeys_default:
|
|
- /etc/ssh/ssh_host_rsa_key
|
|
- /etc/ssh/ssh_host_ecdsa_key
|
|
- /etc/ssh/ssh_host_ed25519_key
|
|
__sshd_hostkeys_nofips:
|
|
- /etc/ssh/ssh_host_ed25519_key
|
|
__sshd_hostkey_group: ssh_keys
|
|
__sshd_hostkey_mode: "0640"
|