Improve SSH configuration for nodes

Ensure hostbased auth works with configs, remove erroneous old
conditional for authtypes, remove obsolete config option.

roles/base/templates/etc/ssh/shosts.equiv.j2

@@ -1,3 +1,8 @@
 # SSH remote allowed hosts
 # {{ ansible_managed }}
 
+{% for host in groups[cluster_group] %}
+{{ host }}
+{{ host.split('.')[0] }}.{{ networks['cluster']['domain'] }}
+{{ host.split('.')[0] }}
+{% endfor %}

roles/base/templates/etc/ssh/ssh_known_hosts.j2

@@ -1,3 +1,6 @@
 # SSH remote allowed hosts
 # {{ ansible_managed }}
 
+{% for host in groups[cluster_group] %}
+{{ host }},{{ host.split('.')[0] }}.{{ networks['cluster']['domain'] }},{{ host.split('.')[0] }} ssh-ed25519 {{ hostvars[host].ansible_ssh_host_key_ed25519_public }}
+{% endfor %}

roles/base/templates/etc/ssh/sshd_config.j2

@@ -6,7 +6,6 @@ ListenAddress ::
 ListenAddress 0.0.0.0
 Protocol 2
 HostKey /etc/ssh/ssh_host_ed25519_key
-UsePrivilegeSeparation yes
 SyslogFacility AUTH
 LogLevel INFO
 LoginGraceTime 120
@@ -29,15 +28,9 @@ PubkeyAuthentication yes
 PermitEmptyPasswords no
 ChallengeResponseAuthentication no
 PasswordAuthentication no
-{% if 'hv' in group_names %}
 HostbasedAuthentication yes
 HostbasedUsesNameFromPacketOnly yes
 IgnoreRhosts no
-PermitRootLogin yes
-{% else %}
-HostbasedAuthentication no
-IgnoreRhosts yes
 PermitRootLogin no
-{% endif %}
 
 Subsystem sftp /usr/lib/openssh/sftp-server -f AUTH -l INFO