roles/common: Add DSA/ECDSA cleanup to ssh tasks

We don't want to support these signature algorithms!

Signed-off-by: Alan Orth <alan.orth@gmail.com>

roles/common/tasks/main.yml

@@ -21,6 +21,17 @@
   - restart sshd
   tags: sshd
 
+- name: Remove DSA and ECDSA host keys
+  file: name=/etc/ssh/{{ item }} state=absent
+  with_items:
+    - ssh_host_dsa_key
+    - ssh_host_dsa_key.pub
+    - ssh_host_ecdsa_key
+    - ssh_host_ecdsa_key.pub
+  notify:
+    - restart sshd
+  tags: sshd
+
 - name: Reconfigure /etc/sysctl.conf
   template: src=sysctl_{{ ansible_distribution }}.j2 dest=/etc/sysctl.conf owner=root group=root mode=0644
   notify: