initial commit

3 files changed, 18 insertions, 0 deletions

diff --git a/roles/ssh/defaults/main.yml b/roles/ssh/defaults/main.yml
new file mode 100644
index 0000000..6d2acb6
--- /dev/null
+++ b/roles/ssh/defaults/main.yml
@@ -0,0 +1 @@
+ssh_canonical_domains: ['{{ ansible_domain }}']
diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml
new file mode 100644
index 0000000..7b0c386
--- /dev/null
+++ b/roles/ssh/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: generate ssh_config
+  template:
+    src: etc/ssh/ssh_config.j2
+    dest: /etc/ssh/ssh_config
diff --git a/roles/ssh/templates/etc/ssh/ssh_config.j2 b/roles/ssh/templates/etc/ssh/ssh_config.j2
new file mode 100644
index 0000000..bbde76e
--- /dev/null
+++ b/roles/ssh/templates/etc/ssh/ssh_config.j2
@@ -0,0 +1,13 @@
+Include /etc/ssh/ssh_config.d/*.conf
+
+CanonicalizeHostname always
+CanonicalDomains {{ ssh_canonical_domains | join(' ') }}
+CanonicalizeMaxDots 0
+CanonicalizeFallbackLocal yes
+
+Host {{ ssh_canonical_domains | map('regex_replace', '^', '*.') | join(' ') }}
+  GSSAPIAuthentication yes
+  GSSAPIDelegateCredentials yes
+  GSSAPIKeyExchange yes
+  GSSAPIRenewalForcesRekey yes
+  GSSAPITrustDns yes