This repository has been archived by the owner on Dec 26, 2020. It is now read-only.

Use different Hostkeys according to installed ssh version #99

Merged
merged 5 commits into from
Mar 9, 2017
10 changes: 5 additions & 5 deletions .kitchen.yml
Expand Up @@ -66,10 +66,10 @@ platforms:
driver:
image: rndmh3ro/docker-debian8-ansible:latest
platform: debian
- name: debian9-ansible-latest
driver:
image: rndmh3ro/docker-debian9-ansible:latest
platform: debian
#- name: debian9-ansible-latest
# driver:
# image: rndmh3ro/docker-debian9-ansible:latest
# platform: debian

verifier:
name: inspec
Expand All @@ -78,4 +78,4 @@ verifier:
- https://github.com/dev-sec/ssh-baseline

suites:
- name: ssh
- name: ssh
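Review bot: The `debian9-ansible-latest` platform is commented out here with no explanation, and the matching `debian9` entry in `.travis.yml` is disabled the same way, so the role loses test coverage on that distribution in the same PR that makes the HostKey list depend on the installed OpenSSH version. If the target has to stay disabled, I would put a comment above the block saying why and when it should return, for example `# debian9 disabled: <reason or issue link>; re-enable once fixed`. Otherwise a regression in the generated sshd_config on that platform would go unnoticed.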
8 changes: 4 additions & 4 deletions .travis.yml
Expand Up @@ -42,10 +42,10 @@ env:
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
init: /sbin/init

- distro: debian9
version: latest
init: /lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
# - distro: debian9
# version: latest
# init: /lib/systemd/systemd
# run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"


before_install:
29 changes: 27 additions & 2 deletions tasks/main.yml
@@ -1,6 +1,31 @@
---
- name: add the OS specific variables
include_vars: "{{ ansible_os_family }}.yml"
- name: Set OS dependent variables
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_os_family }}.yml"

- name: get openssh-version
shell: ssh -V 2>&1 | sed -r 's/.*_([0-9]*\.[0-9]).*/\1/g'
changed_when: false
register: sshd_version

- name: set hostkeys according to openssh-version
set_fact:
ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key']
when: sshd_version.stdout >= '5.3'

- name: set hostkeys according to openssh-version
set_fact:
ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key']
when: sshd_version.stdout >= '6.0'

- name: set hostkeys according to openssh-version
set_fact:
ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']
when: sshd_version.stdout >= '6.3'

- name: create sshd_config and set permissions to root/600
template: src='opensshd.conf.j2' dest='/etc/ssh/sshd_config' mode=0600 owner=root group=root validate="/usr/sbin/sshd -T -f %s"
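Review bot: The three `when:` conditions compare `sshd_version.stdout` with a quoted literal, which is a lexicographic string comparison, so any two-digit major version (`'10.0' >= '5.3'` is false) matches none of the tasks and `ssh_host_key_files` is never set by them. A version-aware comparison avoids that, e.g. `when: sshd_version.stdout | version_compare('6.3', '>=')` on each task (`is version('6.3', '>=')` on current Ansible). The ed25519 threshold also looks low: upstream OpenSSH added Ed25519 keys in 6.5, so unless the distribution backported it, 6.3 and 6.4 would get a `HostKey` entry the daemon cannot load; `'6.5'` is the safer bound. Because the `shell` task is skipped in check mode, `sshd_version.stdout` would presumably be undefined there; `check_mode: no` (`always_run: yes` on older Ansible) on that read-only task would keep `--check` runs working.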