#1292 retry to make a branch with just the sshd config change.
Merged a year ago by smooge. Opened a year ago by smooge.
fedora-infra/ smooge/ansible try_to_add_ssh_items  into  main

@@ -2,16 +2,30 @@ 

  

  Port {{ sshd_port }}

  

- {% if ansible_distribution_major_version == "6" %}

+ {% if ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat' %}

  KexAlgorithms diffie-hellman-group-exchange-sha256

  MACs hmac-sha2-512,hmac-sha2-256

  Ciphers aes256-ctr,aes192-ctr,aes128-ctr

- {% else %}

+ {% elif ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat' %}

  KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

+ {% else %}

+ # This system is following system-wide crypto policy. The changes to

+ # crypto properties (Ciphers, MACs, ...) will not have any effect in

+ # this or following included files. To override some configuration option,

+ # write it before this block or include it before this file.

+ # Please, see manual pages for update-crypto-policies(8) and sshd_config(5).

+ # Also look in /usr/lib/systemd/system/sshd.service for how it is called.

  {% endif %}

  

+ {% if ansible_distribution_major_version|int >= 9 and ansible_distribution == 'RedHat' %}

+ # To modify the system-wide sshd configuration, create a  *.conf  file under

+ #  /etc/ssh/sshd_config.d/  which will be automatically included below

+ Include /etc/ssh/sshd_config.d/*.conf

+ {% endif %} 

+ 

+ 

  HostKey /etc/ssh/ssh_host_rsa_key

  {% if not ansible_hostname.startswith(('pkgs01','pagure02')) %}

  HostKey /etc/ssh/ssh_host_ed25519_key
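Review bot: The added `Include /etc/ssh/sshd_config.d/*.conf` is emitted above the hardening keywords that follow in this template, and sshd uses the first value it obtains for each keyword, so any drop-in in that directory takes precedence over later lines such as `X11Forwarding no` and `PermitTunnel no`. If the distribution's stock drop-in is installed on the RHEL 9 hosts (as far as I know it sets `X11Forwarding yes`), the template's value would no longer apply; either place the locally enforced keywords before the Include or confirm the effective settings with `sshd -T` after a run. Separately, the new `{% else %}` branch replaces the explicit Kex/Cipher/MAC list with comments for every host that is not RedHat 6 or 7, while the Include is limited to RedHat >= 9. A host that reports a different `ansible_distribution` (the same narrowing is applied to `UsePrivilegeSeparation` in the second hunk), or one where the crypto-policy back-end is only loaded through a drop-in, would therefore fall back to OpenSSH's built-in defaults although the comment says the system policy is in force. The template continues outside this hunk, so keywords set earlier or later in the file may change this picture.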
@@ -38,9 +52,9 @@ 

  X11Forwarding no

  PermitTunnel no

  

- {% if ansible_distribution_major_version == "6" %}

+ {% if ansible_distribution_major_version == "6" and ansible_distribution == 'RedHat' %}

  UsePrivilegeSeparation yes

- {% elif ansible_distribution_major_version == "7" %}

+ {% elif ansible_distribution_major_version == "7" and ansible_distribution == 'RedHat' %}

  UsePrivilegeSeparation sandbox

  {% endif %}

  

Build succeeded.

rebased onto d41acd73cc8410deacbe2bce5ad68dbbd4175c51

a year ago

Build succeeded.

Minor comments:

  • You shouldn't need "and ansible_distribution == 'RedHat'" except for the rhel9 line right? we aren't going to deploy fedora 6 or 7. ;)

  • Can you add the |int filter to the rhel6/7 cases at the bottom?

rebased onto 1618137

a year ago

Pull-Request has been merged by smooge

a year ago

Build succeeded.
