From 9652b3cc9474e000f53123eaa95d577b804a568f Mon Sep 17 00:00:00 2001
From: Matt Birkholz
Date: Tue, 30 Apr 2024 12:46:28 -0600
Subject: [PATCH] Don't fiddle extra host keys added later by monkey@core's ssh. And remove group read access to =~monkey/.ssh/known_hosts= on Core, else the client will remove it later (producing a spurious diff, and a re-config loop).
---
 README.org | 4 ++--
 roles_t/core/tasks/main.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.org b/README.org
index bd14c3e..9280c88 100644
--- a/README.org
+++ b/README.org
@@ -2889,13 +2889,13 @@ described in [[apache2-core][*Configure Apache2]]).
 pubkeyfile: "{{ pubkeypath }}/ssh_host_ecdsa_key.pub"
 pubkey: "{{ lookup('file', pubkeyfile) }}"
 lineinfile:
- regexp: "^{{ domain_name }}"
+ regexp: "^{{ domain_name }},{{ front_addr }} ecdsa-sha2-nistp256 "
 line: "{{ domain_name }},{{ front_addr }} {{ pubkey }}"
 path: /home/monkey/.ssh/known_hosts
 create: yes
 owner: monkey
 group: monkey
- mode: "u=rw,g=r,o="
+ mode: "u=rw,g=,o="
 #+END_SRC
 ** Install Unattended Upgrades
diff --git a/roles_t/core/tasks/main.yml b/roles_t/core/tasks/main.yml
index a4ece0a..4811a2a 100644
--- a/roles_t/core/tasks/main.yml
+++ b/roles_t/core/tasks/main.yml
@@ -216,13 +216,13 @@
 pubkeyfile: "{{ pubkeypath }}/ssh_host_ecdsa_key.pub"
 pubkey: "{{ lookup('file', pubkeyfile) }}"
 lineinfile:
- regexp: "^{{ domain_name }}"
+ regexp: "^{{ domain_name }},{{ front_addr }} ecdsa-sha2-nistp256 "
 line: "{{ domain_name }},{{ front_addr }} {{ pubkey }}"
 path: /home/monkey/.ssh/known_hosts
 create: yes
 owner: monkey
 group: monkey
- mode: "u=rw,g=r,o="
+ mode: "u=rw,g=,o="
 - name: Install basic software.
 become: yes
--
2.25.1
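Review bot: In the `lineinfile` task of roles_t/core/tasks/main.yml, the new `regexp` interpolates `domain_name` and `front_addr` unescaped, so every `.` in the name and address is a regex wildcard and the pattern can match a line other than the intended one in monkey's `known_hosts`; escaping both keeps the pinned-key replacement exact: `regexp: "^{{ domain_name | regex_escape }},{{ front_addr | regex_escape }} ecdsa-sha2-nistp256 "`. The pattern also fixes the key type to `ecdsa-sha2-nistp256` while `pubkey` is read from `ssh_host_ecdsa_key.pub`, so if that key were ever of another curve (not visible here) a rotated key would be appended next to the old entry instead of replacing it, leaving the stale key trusted. The README.org hunk carries the same two lines and would need the same edit. The task's `name` and `vars:` lines lie above the hunk, so this is judged from the visible part only.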