Fixes up issues with known_hosts file. Renamed file. Included...

Fixes up issues with known_hosts file. Renamed file. Included ecdsa-sha2-nistp256 keys. Deleted unencrypted file. Fixed read protections

Fixes up issues with known_hosts file. Renamed file. Included...
Fixes up issues with known_hosts file. Renamed file. Included ecdsa-sha2-nistp256 keys. Deleted unencrypted file. Fixed read protections
2c5fc1dc · Simon Michnowicz · 42444e8f · 2c5fc1dc · 2c5fc1dc
Commit 2c5fc1dc authored 9 years ago by Simon Michnowicz
--- a/roles/setupKnownHosts/tasks/main.yml
+++ b/roles/setupKnownHosts/tasks/main.yml
 - name: "Templating /etc/ssh/known_hosts"
-  template: src=known_hosts.j2 dest=/etc/ssh/known_hosts owner=root group=root mode=600
+  template: src=known_hosts.j2 dest=/etc/ssh/ssh_known_hosts owner=root group=root mode=644
  sudo: true
-  register: sshknowhost 
+  register: sshknownhost 
- name: ecrypt the hosts file
+- name: encrypt the hosts file
-  shell: ssh-keygen -H -f /etc/ssh/known_hosts
+  shell: ssh-keygen -H -f /etc/ssh/ssh_known_hosts
+  sudo: true
+  when: sshknownhost.changed
+- name: set read permissions 
+  file: path=/etc/ssh/ssh_known_hosts owner=root group=root mode=644 state=file
+  sudo: true
+- name: delete ssh_known_hosts.old
+  file: path=/etc/ssh/ssh_known_hosts.old  state=absent
  sudo: true
-  when: sshknowhost.changed
--- a/roles/setupKnownHosts/templates/known_hosts.j2
+++ b/roles/setupKnownHosts/templates/known_hosts.j2
@@ -2,14 +2,22 @@
 {% for node in groups['all'] %}
 {% for interface in hostvars[node]['ansible_interfaces'] %}
 {% if interface != "lo" %}
-{% set host = {'name': node, 'ip': hostvars[node]['ansible_'+interface]['ipv4']['address'], 'rsa': hostvars[node]['ansible_ssh_host_key_rsa_public']} %}
+{% if hostvars[node]['ansible_ssh_host_key_rsa_public'] %}
+{% set host = {'name': node, 'ip': hostvars[node]['ansible_'+interface]['ipv4']['address'], 'keytype':'ssh-rsa', 'key': hostvars[node]['ansible_ssh_host_key_rsa_public']} %}
 {% if nodelist.append(host) %}
 {% endif %}
 {% endif %}
+{% if hostvars[node]['ansible_ssh_host_key_ecdsa_public'] %}
+#{% set host = {'name': node, 'ip': hostvars[node]['ansible_'+interface]['ipv4']['address'], 'keytype':'ssh-ecdsa', 'key': hostvars[node]['ansible_ssh_host_key_ecdsa_public']} %}
+{% set host = {'name': node, 'ip': hostvars[node]['ansible_'+interface]['ipv4']['address'], 'keytype':'ecdsa-sha2-nistp256', 'key': hostvars[node]['ansible_ssh_host_key_ecdsa_public']} %}
+{% if nodelist.append(host) %}
+{% endif %}
+{% endif %}
+{% endif %}
 {% endfor %}
 {% endfor %}
-{% for host in nodelist|unique %}
+{% for host in nodelist %}
-{{ host.ip }} ssh-rsa {{ host.rsa }}
+{{ host.ip }} {{ host.keytype }} {{ host.key }}
-{{ host.name }} ssh-rsa {{ host.rsa }}
+{{ host.name }} {{ host.keytype }} {{ host.key }}
 {% endfor %}