1. Disable SSH key deploying if installation on existing server

2. Move to the ed25519 algorithm
3. Delete unneeded option RSAAuthentication
Fixes #272

playbooks/common.yml

@@ -17,4 +17,4 @@
     user: "{{ ansible_ssh_user }}"
     state: present
     key: "{{ lookup('file', '{{ SSH_keys.public }}') }}"
-  tags: [ 'always' ]
+  tags: [ 'cloud' ]

playbooks/local.yml

@@ -1,14 +1,13 @@
 ---
 
 - name: Generate the SSH private key
-  local_action: shell echo -e  'n' | ssh-keygen -b 2048 -C {{ SSH_keys.comment }} -t rsa -f {{ SSH_keys.private }} -q -N ""
+  local_action: shell echo -e  'n' | ssh-keygen -C {{ SSH_keys.comment }} -t ed25519 -f {{ SSH_keys.private }} -q -N ""
   args:
     creates: "{{ SSH_keys.private }}"
 
 - name: Generate the SSH public key
   local_action: shell echo `ssh-keygen -y -f {{ SSH_keys.private }}` {{ SSH_keys.comment }} > {{ SSH_keys.public }}
-  args:
+  changed_when: false
-    creates: "{{ SSH_keys.public }}"
 
 - name: Change mode for the SSH private key
   local_action: file path={{ SSH_keys.private }} mode=0600

roles/security/templates/sshd_config.j2

@@ -26,7 +26,6 @@ AcceptEnv LANG LC_*
 # Turn off a lot of features
 IgnoreRhosts yes
 RhostsRSAAuthentication no
-RSAAuthentication no
 HostbasedAuthentication no
 PermitEmptyPasswords no
 ChallengeResponseAuthentication no
@@ -53,4 +52,3 @@ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@op
 # HostKeyAlgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
 # TODO: I haven't seen anyone review these yet
 # PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
-