ungleich-public
/
public-health-ch
6
1
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
public-health-ch/ansible/roles/dev-sec.ssh-hardening/tasks/crypto.yml

76 lines
2.5 KiB
YAML
Raw Blame History

---
- name: set hostkeys according to openssh-version
set_fact:
ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']
when: sshd_version is version('6.3', '>=') and not ssh_host_key_files
- name: set hostkeys according to openssh-version
set_fact:
ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key']
when: sshd_version is version('6.0', '>=') and not ssh_host_key_files
- name: set hostkeys according to openssh-version
set_fact:
ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key']
when: sshd_version is version('5.3', '>=') and not ssh_host_key_files
###
- name: set macs according to openssh-version if openssh >= 7.6
set_fact:
ssh_macs: '{{ ssh_macs_76_default }}'
when: sshd_version is version('7.6', '>=') and not ssh_macs
- name: set macs according to openssh-version if openssh >= 6.6
set_fact:
ssh_macs: '{{ ssh_macs_66_default }}'
when: sshd_version is version('6.6', '>=') and not ssh_macs
- name: set macs according to openssh-version
set_fact:
ssh_macs: '{{ ssh_macs_59_default }}'
when: sshd_version is version('5.9', '>=') and not ssh_macs
- name: set macs for Enterprise Linux >= 6.5 (openssh 5.3 with backports)
set_fact:
ssh_macs: '{{ ssh_macs_53_el_6_5_default }}'
when:
- ansible_facts.distribution in ['CentOS', 'OracleLinux', 'RedHat']
- ansible_facts.distribution_version is version('6.5', '>=')
- not ssh_macs
- name: set macs according to openssh-version
set_fact:
ssh_macs: '{{ ssh_macs_53_default }}'
when: sshd_version is version('5.3', '>=') and not ssh_macs
###
- name: set ciphers according to openssh-version if openssh >= 6.6
set_fact:
ssh_ciphers: '{{ ssh_ciphers_66_default }}'
when: sshd_version is version('6.6', '>=') and not ssh_ciphers
- name: set ciphers according to openssh-version
set_fact:
ssh_ciphers: '{{ ssh_ciphers_53_default }}'
when: sshd_version is version('5.3', '>=') and not ssh_ciphers
###
- name: set kex according to openssh-version if openssh >= 8.0
set_fact:
ssh_kex: '{{ ssh_kex_80_default }}'
when: sshd_version is version('8.0', '>=') and not ssh_kex
- name: set kex according to openssh-version if openssh >= 6.6
set_fact:
ssh_kex: '{{ ssh_kex_66_default }}'
when: sshd_version is version('6.6', '>=') and not ssh_kex
- name: set kex according to openssh-version
set_fact:
ssh_kex: '{{ ssh_kex_59_default }}'
when: sshd_version is version('5.9', '>=') and not ssh_kex
Reference in New Issue View Git Blame Copy Permalink