common: Added downloading and processing ssh host keys

5 years ago · 02ff70e699
parent 6b36435d8d
commit 02ff70e699
2 changed files with 38 additions and 1 deletions
--- a/helpers/ssh_dns_fingerprints.makefile
+++ b/helpers/ssh_dns_fingerprints.makefile
@ -0,0 +1,4 @@
+FILES = $(shell ls | grep -vE "^dns$$")
+
+dns: $(FILES)
+	echo "$(FILES)" | xargs --max-args 1 ssh-keygen -r "$$(basename "$$(pwd)")." -f > "$@"
--- a/roles/common/tasks/sshd.yml
+++ b/roles/common/tasks/sshd.yml
@ -13,4 +13,37 @@
    line: "PasswordAuthentication no"
  notify: restart ssh

-# TODO Collect SSH Host Keys
+- name: Collect ssh host keys
+  command: "cat /etc/ssh/ssh_host_{{ item | quote }}_key.pub"
+  loop: "{{ ssh_host_key_types }}"
+  register: ssh_host_keys
+  changed_when: False
+  check_mode: no
+
+- name: Create directory for host keys locally
+  local_action:
+    module: file
+    path: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}"
+    state: directory
+    owner: "{{ global_local_user }}"
+    group: "{{ global_local_user }}"
+    mode: "u=rwx,g=rx,o=rx"
+
+- name: Store ssh host keys locally
+  local_action:
+    module: copy
+    content: "{{ item.stdout }}\n"
+    dest: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}/{{ item.item }}"
+    owner: "{{ global_local_user }}"
+    group: "{{ global_local_user }}"
+    mode: "u=rw,g=r,o=r"
+  loop: "{{ ssh_host_keys.results }}"
+  loop_control:
+    label: "{{ item.item }}"
+
+- name: Generate ssh host key dns fingerprints locally
+  local_action:
+    module: make
+    chdir: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}"
+    file: "{{ playbook_dir }}/helpers/ssh_dns_fingerprints.makefile"
+    target: dns