fabric: disable less-than-sane Cumulus SSH default options

Why no ed25519 keys?
This commit is contained in:
Timotej Lazar 2024-07-26 14:27:34 +02:00
parent 82b10e8133
commit c741b90981
2 changed files with 14 additions and 0 deletions

View file

@ -1,3 +1,9 @@
- name: reload sshd
service:
name: ssh@mgmt
state: reloaded
when: "'handler' not in ansible_skip_tags"
- name: reload switchd - name: reload switchd
service: service:
name: switchd name: switchd

View file

@ -64,6 +64,14 @@
mode: 0644 mode: 0644
notify: reload interfaces notify: reload interfaces
- name: Unoverride Cumulus SSH options
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^(PubkeyAcceptedKeyTypes .*)'
line: '#\1'
backrefs: yes
notify: reload sshd
- name: Disable SSH in default VRF - name: Disable SSH in default VRF
service: service:
name: ssh name: ssh