From 02ff70e699ea496ecf31281bbe1ebd498b9396bf Mon Sep 17 00:00:00 2001
From: Felix Stupp
Date: Thu, 15 Aug 2019 14:37:08 +0200
Subject: [PATCH] common: Added downloading and processing ssh host keys

---
 helpers/ssh_dns_fingerprints.makefile | 4 +++
 roles/common/tasks/sshd.yml | 35 ++++++++++++++++++++++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 helpers/ssh_dns_fingerprints.makefile

diff --git a/helpers/ssh_dns_fingerprints.makefile b/helpers/ssh_dns_fingerprints.makefile
new file mode 100644
index 0000000..ea03db7
--- /dev/null
+++ b/helpers/ssh_dns_fingerprints.makefile
@@ -0,0 +1,4 @@
+FILES = $(shell ls | grep -vE "^dns$$")
+
+dns: $(FILES)
+	echo "$(FILES)" | xargs --max-args 1 ssh-keygen -r "$$(basename "$$(pwd)")." -f > "$@"
diff --git a/roles/common/tasks/sshd.yml b/roles/common/tasks/sshd.yml
index 00b0e28..e5ddda2 100644
--- a/roles/common/tasks/sshd.yml
+++ b/roles/common/tasks/sshd.yml
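Review bot: The `dns` recipe redirects straight into `> "$@"` while `xargs` is still running, so if `ssh-keygen -r` fails on any one input (xargs then exits non-zero) make reports the failure but leaves behind a partial `dns` file with a fresh mtime, and the next `make dns` considers the target up to date; add `.DELETE_ON_ERROR:` at the top of the makefile, or write to `$@.tmp` and `mv` it into place only on success. `FILES = $(shell ls | grep -vE "^dns$$")` parses `ls` output and hands every stray file in the directory (editor backups, temp files) to ssh-keygen; the built-in `FILES = $(filter-out dns,$(wildcard *))` does the same job without a subshell and without word-splitting surprises. Be aware that `ssh-keygen -r` prints both a SHA-1 (fingerprint type 1) and a SHA-256 (type 2) SSHFP record per key; if the intent is to publish only SHA-256 records, drop the type-1 lines before writing the target, otherwise document that both are published deliberately. The trailing `.` appended to the `basename` result makes the owner name absolute, which is correct for a zone file — a one-line comment stating that (`# trailing dot: emit an absolute owner name for the zone file`) would save the next reader a lookup.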
@@ -13,4 +13,37 @@
     line: "PasswordAuthentication no"
   notify: restart ssh
 
-# TODO Collect SSH Host Keys
+- name: Collect ssh host keys
+  command: "cat /etc/ssh/ssh_host_{{ item | quote }}_key.pub"
+  loop: "{{ ssh_host_key_types }}"
+  register: ssh_host_keys
+  changed_when: False
+  check_mode: no
+
+- name: Create directory for host keys locally
+  local_action:
+    module: file
+    path: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}"
+    state: directory
+    owner: "{{ global_local_user }}"
+    group: "{{ global_local_user }}"
+    mode: "u=rwx,g=rx,o=rx"
+
+- name: Store ssh host keys locally
+  local_action:
+    module: copy
+    content: "{{ item.stdout }}\n"
+    dest: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}/{{ item.item }}"
+    owner: "{{ global_local_user }}"
+    group: "{{ global_local_user }}"
+    mode: "u=rw,g=r,o=r"
+  loop: "{{ ssh_host_keys.results }}"
+  loop_control:
+    label: "{{ item.item }}"
+
+- name: Generate ssh host key dns fingerprints locally
+  local_action:
+    module: make
+    chdir: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}"
+    file: "{{ playbook_dir }}/helpers/ssh_dns_fingerprints.makefile"
+    target: dns
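Review bot: The controller-side `path`, `dest` and `chdir` values are built from `ansible_fqdn`, a fact reported by the managed host, so a compromised or merely misconfigured host can steer where the controller writes — an fqdn containing `/` or `..` places the key files (and the `make` run) outside `global_ssh_host_key_directory`. Use the controller-defined `inventory_hostname` instead, e.g. `path: "{{ global_ssh_host_key_directory }}/{{ inventory_hostname }}"`, and mirror that in the `copy` and `make` tasks; since the makefile added in this commit derives the SSHFP owner name from the directory name, this assumes the inventory name is the FQDN you want in DNS — if it is not, pass the record name to make explicitly rather than reverting to the host-supplied fact. `item.stdout` is likewise remote-controlled text copied verbatim onto the controller and then fed to `ssh-keygen`; a `failed_when` on the collect task asserting each `stdout` is a single `<type> <base64>` line (for example `failed_when: not (item.stdout is regex('^[a-z0-9-]+ [A-Za-z0-9+/=]+'))`, adjusted to the key types in `ssh_host_key_types`) turns a tampered or truncated key into a visible play failure instead of a bad DNS record. Minor: `changed_when: False` and `check_mode: no` should be the canonical `false` — `no` is a YAML 1.1 boolean that yamllint's `truthy` rule rejects.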