|
|
|
@ -13,4 +13,37 @@
|
|
|
|
|
line: "PasswordAuthentication no"
|
|
|
|
|
notify: restart ssh
|
|
|
|
|
|
|
|
|
|
# TODO Collect SSH Host Keys
|
|
|
|
|
- name: Collect ssh host keys
|
|
|
|
|
command: "cat /etc/ssh/ssh_host_{{ item | quote }}_key.pub"
|
|
|
|
|
loop: "{{ ssh_host_key_types }}"
|
|
|
|
|
register: ssh_host_keys
|
|
|
|
|
changed_when: False
|
|
|
|
|
check_mode: no
|
|
|
|
|
|
|
|
|
|
- name: Create directory for host keys locally
|
|
|
|
|
local_action:
|
|
|
|
|
module: file
|
|
|
|
|
path: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}"
|
|
|
|
|
state: directory
|
|
|
|
|
owner: "{{ global_local_user }}"
|
|
|
|
|
group: "{{ global_local_user }}"
|
|
|
|
|
mode: "u=rwx,g=rx,o=rx"
|
|
|
|
|
|
|
|
|
|
- name: Store ssh host keys locally
|
|
|
|
|
local_action:
|
|
|
|
|
module: copy
|
|
|
|
|
content: "{{ item.stdout }}\n"
|
|
|
|
|
dest: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}/{{ item.item }}"
|
|
|
|
|
owner: "{{ global_local_user }}"
|
|
|
|
|
group: "{{ global_local_user }}"
|
|
|
|
|
mode: "u=rw,g=r,o=r"
|
|
|
|
|
loop: "{{ ssh_host_keys.results }}"
|
|
|
|
|
loop_control:
|
|
|
|
|
label: "{{ item.item }}"
|
|
|
|
|
|
|
|
|
|
- name: Generate ssh host key dns fingerprints locally
|
|
|
|
|
local_action:
|
|
|
|
|
module: make
|
|
|
|
|
chdir: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}"
|
|
|
|
|
file: "{{ playbook_dir }}/helpers/ssh_dns_fingerprints.makefile"
|
|
|
|
|
target: dns
|
|
|
|
|