---
# file: roles/openssh-server/tasks/main.yml
- name: "install openssh-server"
  # Server package only; recommended packages are not pulled in.
  ansible.builtin.apt:
    name: openssh-server
    state: present
    install_recommends: false
  tags: ssh
- name: "gather the list of installed package"
  # Populates ansible_facts.packages, which the version lookup below reads.
  ansible.builtin.package_facts:
    manager: auto
  tags: ssh
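- name: "get openssh-server version"
  # Derive MAJOR.MINOR from the package version, e.g.
  # "1:9.2p1-2+deb12u3" -> "9.2" and "1:10.0p1-5" -> "10.0".
  # The previous fixed slice [2:5] assumed a "1:" epoch prefix and a
  # single-digit major version and produced "10." for the 10.x releases.
  ansible.builtin.set_fact:
    sshd_version: >-
      {{ ansible_facts.packages['openssh-server'][0]['version']
      | regex_replace('^[0-9]+:', '')
      | regex_search('^[0-9]+[.][0-9]+') }}
  tags: ssh

- name: "refuse to continue when the openssh-server version cannot be parsed"
  # Every later version comparison depends on this value; stop here with a
  # clear message instead of failing inside a version() test or selecting
  # a KexAlgorithms list for the wrong release.
  ansible.builtin.assert:
    that:
      - (sshd_version | default('', true) | string) is match('^[0-9]+[.][0-9]+$')
    fail_msg: "could not derive MAJOR.MINOR from openssh-server version '{{ ansible_facts.packages['openssh-server'][0]['version'] }}'"
  tags: ssh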
- name: "display current openssh version"
  # Informational only: shows the MAJOR.MINOR value the branches below key on.
  ansible.builtin.debug:
    msg: "openssh-server version is {{ sshd_version }}"
  tags: ssh
- name: "immediate fail for unsupported version of openssh"
  # Upper bound of the KexAlgorithms tables selected below; anything newer
  # than 10.0 has not been verified against this role. Note there is no
  # matching lower bound: very old releases fall through to the "< 8.0" table.
  ansible.builtin.fail:
    msg: "Compatibility with target host is unsupported or not verified for this role."
  when:
    - sshd_version is version('10.0', '>')
  tags: ssh
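# Pick the KexAlgorithms list matching the installed release. Exactly one of
# the four branches below applies: the ranges meet at 8.0, 8.5 and 9.9 without
# overlapping. (Previously the 9.9 release matched both the "8.5 .. 9.9" and
# the "10.0" branch, and the later set_fact silently won.)
- name: "set kex for version < 8.0"
  ansible.builtin.set_fact:
    sshd_KexAlgorithms: "{{ sshd_kex_version_minimum_67 }}"
  when: sshd_version is version('8.0', '<')
  tags: ssh

- name: "set kex for version between 8.0 and 8.4"
  ansible.builtin.set_fact:
    sshd_KexAlgorithms: "{{ sshd_kex_version_80_to_84 }}"
  when:
    - sshd_version is version('8.0', '>=')
    - sshd_version is version('8.5', '<')
  tags: ssh

- name: "set kex for version between 8.5 and 9.9"
  ansible.builtin.set_fact:
    sshd_KexAlgorithms: "{{ sshd_kex_version_85_to_99 }}"
  when:
    - sshd_version is version('8.5', '>=')
    - sshd_version is version('9.9', '<=')
  tags: ssh

- name: "set kex for version 10.0"
  ansible.builtin.set_fact:
    sshd_KexAlgorithms: "{{ sshd_kex_version_100 }}"
  when:
    # strictly greater than 9.9: the 9.9 release belongs to the previous branch
    - sshd_version is version('9.9', '>')
    - sshd_version is version('10.0', '<=')
  tags: ssh

- name: "refuse to render sshd_config without a KexAlgorithms selection"
  # Guard against a version string that matched none of the ranges above.
  # Without it the hardened KEX list would either be missing from the
  # rendered sshd_config or make the template fail on an undefined variable,
  # depending on how opensshd.conf.j2 handles the value.
  ansible.builtin.assert:
    that:
      - sshd_KexAlgorithms is defined
    fail_msg: "no KexAlgorithms list is defined for openssh-server version {{ sshd_version }}"
  tags: ssh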
- name: "/etc/ssh/revoked_keys"
  # Rendered only when a revocation list is supplied. An existing file is left
  # in place (not removed) when the variable is absent.
  ansible.builtin.template:
    src: "revoked_keys.j2"
    dest: "/etc/ssh/revoked_keys"
    owner: "root"
    group: "root"
    mode: "0600"
    backup: true
  when: sshd_RevokedKeys_list is defined
  notify: restart sshd
  tags: ssh
- name: "/etc/ssh/sshd_config"
  # The rendered file is test-parsed with `sshd -T -f <tmp>` before it replaces
  # the live config, so a broken template is never installed and cannot lock
  # us out on the handler restart. The -C user/host/addr parameters supply a
  # connection context for the test (presumably so Match blocks can be
  # evaluated; confirm against the template).
  ansible.builtin.template:
    src: "opensshd.conf.j2"
    dest: "/etc/ssh/sshd_config"
    owner: "root"
    group: "root"
    mode: "0600"
    validate: "/usr/sbin/sshd -T -C user=root -C host=localhost -C addr=localhost -f %s"
    backup: true
  notify: restart sshd
  tags: ssh