diff --git a/roles/base/templates/etc/ssh/shosts.equiv.j2 b/roles/base/templates/etc/ssh/shosts.equiv.j2
index 5bb3663..a308526 100644
--- a/roles/base/templates/etc/ssh/shosts.equiv.j2
+++ b/roles/base/templates/etc/ssh/shosts.equiv.j2
@@ -1,3 +1,8 @@
 # SSH remote allowed hosts
 # {{ ansible_managed }}
+{% for host in groups[cluster_group] %}
+{{ host }}
+{{ host.split('.')[0] }}.{{ networks['cluster']['domain'] }}
+{{ host.split('.')[0] }}
+{% endfor %}
diff --git a/roles/base/templates/etc/ssh/ssh_known_hosts.j2 b/roles/base/templates/etc/ssh/ssh_known_hosts.j2
index 5bb3663..b17201d 100644
--- a/roles/base/templates/etc/ssh/ssh_known_hosts.j2
+++ b/roles/base/templates/etc/ssh/ssh_known_hosts.j2
@@ -1,3 +1,6 @@
 # SSH remote allowed hosts
 # {{ ansible_managed }}
+{% for host in groups[cluster_group] %}
+{{ host }},{{ host.split('.')[0] }}.{{ networks['cluster']['domain'] }},{{ host.split('.')[0] }} ssh-ed25519 {{ hostvars[host].ansible_ssh_host_key_ed25519_public }}
+{% endfor %}
diff --git a/roles/base/templates/etc/ssh/sshd_config.j2 b/roles/base/templates/etc/ssh/sshd_config.j2
index 9f95029..c72fac6 100644
--- a/roles/base/templates/etc/ssh/sshd_config.j2
+++ b/roles/base/templates/etc/ssh/sshd_config.j2
@@ -6,7 +6,6 @@ ListenAddress ::
 ListenAddress 0.0.0.0
 Protocol 2
 HostKey /etc/ssh/ssh_host_ed25519_key
-UsePrivilegeSeparation yes
 SyslogFacility AUTH
 LogLevel INFO
 LoginGraceTime 120
@@ -29,15 +28,9 @@ PubkeyAuthentication yes
 PermitEmptyPasswords no
 ChallengeResponseAuthentication no
 PasswordAuthentication no
-{% if 'hv' in group_names %}
 HostbasedAuthentication yes
 HostbasedUsesNameFromPacketOnly yes
 IgnoreRhosts no
-PermitRootLogin yes
-{% else %}
-HostbasedAuthentication no
-IgnoreRhosts yes
 PermitRootLogin no
-{% endif %}
 Subsystem sftp /usr/lib/openssh/sftp-server -f AUTH -l INFO
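Review bot: Each entry this loop emits trusts every account on the named cluster host to log in as the same-named local account, and nothing in the template records that this is intended, so a header comment stating the trust model would help, e.g. `# Host-based auth: any user on a listed cluster host may log in here as the same user; keep in sync with ssh_known_hosts.j2`. The bare short name `{{ host.split('.')[0] }}` is matched on name alone, so if two inventory hosts in different domains ever share a short name the entry becomes ambiguous; worth confirming short names are unique across `groups[cluster_group]`. The template also presumes `cluster_group` and `networks['cluster']['domain']` are defined for every host the role runs on — an undefined variable should fail the template rather than produce an empty file, which is the safer outcome, but the requirement is not documented anywhere in the hunk.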
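Review bot: The key on the added line comes from each host's own gathered fact, `hostvars[host].ansible_ssh_host_key_ed25519_public`, so the authenticity of the distributed file is only as good as the controller's own host-key verification of that host when facts were gathered; if that check were disabled, whatever key was presented would be propagated as trusted cluster-wide. A comment recording the dependency would help, e.g. `# Keys are taken from gathered facts; they are only as trustworthy as the controller's own host-key check of each host`. The fact is also only available when facts have been gathered for every host in `groups[cluster_group]` during the run (or supplied from a fact cache), so a run that touches only a subset of hosts will presumably fail the template — a safe failure, but one worth noting next to the loop. The entry lists names only, so a connection reaching the host by IP address would not match it; whether that matters depends on how clients connect, which is not visible here.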
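Review bot: `IgnoreRhosts no` now applies to every host the role manages rather than only the `hv` group, and it makes sshd honour per-user ~/.rhosts and ~/.shosts during host-based authentication, so any local user can extend the trusted host set from their home directory beyond what shosts.equiv.j2 defines; since /etc/ssh/shosts.equiv is consulted regardless of this setting, `IgnoreRhosts yes` would keep the managed list authoritative unless per-user .shosts files are deliberately relied upon. `HostbasedUsesNameFromPacketOnly yes` likewise now applies everywhere: sshd uses the hostname the client supplies instead of resolving the connecting address, so the whole check rests on that name's key being present in /etc/ssh/ssh_known_hosts, which deserves a comment such as `# client-supplied hostname is used; its key must be in /etc/ssh/ssh_known_hosts`. The commit turns HostbasedAuthentication on for all hosts where it was previously limited to `hv` without recording why; a one-line rationale above the block would help future readers. The sshd_config template continues outside this hunk.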