From 171798c76d784d6af115eb0ff9bc648e8d213be9 Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Tue, 20 Jan 2015 16:28:06 +0300
Subject: [PATCH] roles/common: Add DSA/ECDSA cleanup to ssh tasks

We don't want to support these signature algorithms!

Signed-off-by: Alan Orth
---
 roles/common/tasks/main.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 972634b..f886eec 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -21,6 +21,17 @@
 - restart sshd
 tags: sshd

+- name: Remove DSA and ECDSA host keys
+ file: name=/etc/ssh/{{ item }} state=absent
+ with_items:
+ - ssh_host_dsa_key
+ - ssh_host_dsa_key.pub
+ - ssh_host_ecdsa_key
+ - ssh_host_ecdsa_key.pub
+ notify:
+ - restart sshd
+ tags: sshd
+
 - name: Reconfigure /etc/sysctl.conf
 template: src=sysctl_{{ ansible_distribution }}.j2 dest=/etc/sysctl.conf owner=root group=root mode=0644
 notify:
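Review bot: The new "Remove DSA and ECDSA host keys" task only deletes the four files under /etc/ssh; nothing visible in this hunk keeps them from coming back, and whether sshd still references them depends on the sshd_config template, which is outside the hunk. On distributions whose init script or unit generates missing host keys at service start (for example via `ssh-keygen -A`), the notified restart may recreate them, so the task would report "changed" on every run and the host would keep offering ECDSA. I would pin the retained key in the template, e.g. `HostKey /etc/ssh/ssh_host_rsa_key`, and add a comment above the task such as `# Host keys only; sshd_config must list just the retained HostKey paths`. Clients that recorded the ECDSA key in known_hosts will see a host-key-changed warning after the restart, so the remaining key's fingerprint should be published beforehand so users can verify it rather than accept the change blindly.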