change hostkey setting

Author: Sebastian Gumprich

tasks/main.yml

@@ -1,6 +1,18 @@
 ---
-- name: add the OS specific variables
-  include_vars: "{{ ansible_os_family }}.yml"
+- name: Set OS dependent variables
+  include_vars: "{{ item }}"
+  with_first_found:
+   - "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
+   - "{{ ansible_distribution }}.yml"
+   - "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
+   - "{{ ansible_os_family }}.yml"
+
+- name: get openssh-version
+  shell: ssh -V 2>&1 | perl -ne '/[\d\.]+/ && print $&'
+  changed_when: false
+  register: sshd_version
+
+- debug: var={{sshd_version.stdout}}
 
 - name: create sshd_config and set permissions to root/600
   template: src='opensshd.conf.j2' dest='/etc/ssh/sshd_config' mode=0600 owner=root group=root validate="/usr/sbin/sshd -T -f %s"
@@ -34,6 +46,21 @@
   changed_when: false
   check_mode: no
 
+- name: set hostkeys according to openssh-version
+  set_fact:
+    ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key']
+  when: sshd_version.stdout >= '5.3'
+
+- name: set hostkeys according to openssh-version
+  set_fact:
+    ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key']
+  when: sshd_version.stdout >= '6.0'
+
+- name: set hostkeys according to openssh-version
+  set_fact:
+    ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']
+  when: sshd_version.stdout >= '6.3'
+
 - block: # only runs when selinux is running
   - name: install selinux dependencies when selinux is installed on RHEL or Oracle Linux
     yum: name="{{item}}" state=installed