---

- name: set hostkeys according to openssh-version
  set_fact:
    ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']
  when: sshd_version is version('6.3', '>=') and not ssh_host_key_files

- name: set hostkeys according to openssh-version
  set_fact:
    ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key']
  when: sshd_version is version('6.0', '>=') and not ssh_host_key_files

- name: set hostkeys according to openssh-version
  set_fact:
    ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key']
  when: sshd_version is version('5.3', '>=') and not ssh_host_key_files

###

- name: set macs according to openssh-version if openssh >= 7.6
  set_fact:
    ssh_macs: '{{ ssh_macs_76_default }}'
  when: sshd_version is version('7.6', '>=') and not ssh_macs

- name: set macs according to openssh-version if openssh >= 6.6
  set_fact:
    ssh_macs: '{{ ssh_macs_66_default }}'
  when: sshd_version is version('6.6', '>=') and not ssh_macs

- name: set macs according to openssh-version
  set_fact:
    ssh_macs: '{{ ssh_macs_59_default }}'
  when: sshd_version is version('5.9', '>=') and not ssh_macs

- name: set macs for Enterprise Linux >= 6.5 (openssh 5.3 with backports)
  set_fact:
    ssh_macs: '{{ ssh_macs_53_el_6_5_default }}'
  when:
    - ansible_facts.distribution in ['CentOS', 'OracleLinux', 'RedHat']
    - ansible_facts.distribution_version is version('6.5', '>=')
    - not ssh_macs

- name: set macs according to openssh-version
  set_fact:
    ssh_macs: '{{ ssh_macs_53_default }}'
  when: sshd_version is version('5.3', '>=') and not ssh_macs

###

- name: set ciphers according to openssh-version if openssh >= 6.6
  set_fact:
    ssh_ciphers: '{{ ssh_ciphers_66_default }}'
  when: sshd_version is version('6.6', '>=') and not ssh_ciphers

- name: set ciphers according to openssh-version
  set_fact:
    ssh_ciphers: '{{ ssh_ciphers_53_default }}'
  when: sshd_version is version('5.3', '>=') and not ssh_ciphers

###

- name: set kex according to openssh-version if openssh >= 8.0
  set_fact:
    ssh_kex: '{{ ssh_kex_80_default }}'
  when: sshd_version is version('8.0', '>=') and not ssh_kex

- name: set kex according to openssh-version if openssh >= 6.6
  set_fact:
    ssh_kex: '{{ ssh_kex_66_default }}'
  when: sshd_version is version('6.6', '>=') and not ssh_kex

- name: set kex according to openssh-version
  set_fact:
    ssh_kex: '{{ ssh_kex_59_default }}'
  when: sshd_version is version('5.9', '>=') and not ssh_kex