rc/network
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fabric: disable less-than-sane Cumulus SSH default options

Browse source 
Why no ed25519 keys?
This commit is contained in:
Timotej Lazar 2024-07-26 14:27:34 +02:00
parent 82b10e8133
commit c741b90981
2 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/fabric/handlers/main.yml
View file

@ -1,3 +1,9 @@
- name: reload sshd
service:
name: ssh@mgmt
state: reloaded
when: "'handler' not in ansible_skip_tags"
- name: reload switchd - name: reload switchd
service: service:
name: switchd name: switchd

8
roles/fabric/tasks/main.yml
View file

@ -64,6 +64,14 @@
mode: 0644 mode: 0644
notify: reload interfaces notify: reload interfaces
- name: Unoverride Cumulus SSH options
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^(PubkeyAcceptedKeyTypes .*)'
line: '#\1'
backrefs: yes
notify: reload sshd
- name: Disable SSH in default VRF - name: Disable SSH in default VRF
service: service:
name: ssh name: ssh