# Secure SSH Configuration
# https://stribika.github.io/2015/01/04/secure-secure-shell.html
---
- name: check for ED25519 host key
  stat: path=/etc/ssh/ssh_host_ed25519_key
  register: f
- fail: msg="No ED25519 host key found"
  when: not f.stat.exists

- name: check for RSA host key
  stat: path=/etc/ssh/ssh_host_rsa_key
  register: f
- fail: msg="No RSA host key found"
  when: not f.stat.exists

- name: template sshd_config
  template:
    src: templates/sshd_config.j2
    dest: /etc/ssh/sshd_config
    backup: yes
  register: sshd_config

# reload sshd now in case the handlers don't run
- name: reload sshd
  service:
    name: ssh
    state: reloaded
  when: sshd_config.changed