---

# SSH configs don't change in Debian minor versions
- name: Reconfigure /etc/ssh/sshd_config
  template: src=sshd_config_{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0600
  when: ansible_distribution == 'Debian'
  notify: reload sshd

# Ubuntu is the only distro we have where SSH version is very different from 14.04 -> 14.10,
# ie with new ciphers supported etc.
- name: Reconfigure /etc/ssh/sshd_config
  template: src=sshd_config_{{ ansible_distribution }}-{{ ansible_distribution_version }}.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0600
  when: ansible_distribution == 'Ubuntu'
  notify: reload sshd

- name: Remove DSA and ECDSA host keys
  file: name=/etc/ssh/{{ item }} state=absent
  loop:
    - ssh_host_dsa_key
    - ssh_host_dsa_key.pub
    - ssh_host_ecdsa_key
    - ssh_host_ecdsa_key.pub
  notify: reload sshd

# vim: set sw=2 ts=2: