From ed24147b3acb9237cc3b2467a28720293aad065d Mon Sep 17 00:00:00 2001
From: Sven Velt
Date: Tue, 19 Oct 2021 10:23:13 +0200
Subject: [PATCH] Regenerate too small RSA keys closes #1
---
 tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/tasks/main.yml b/tasks/main.yml
index 78a19f7..1966cb1 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -60,6 +60,14 @@
 loop: '{{ ssh_hardening_hostkeys }}'
 notify: Restart SSH
+
+- name: "Renew RSA hostkeys if too short"
+ openssh_keypair:
+ path: /etc/ssh/ssh_host_rsa_key
+ type: rsa
+ size: 4096
+ when: '"rsa" in ssh_hardening_hostkeys'
+
 ####################
 - name: "INCLUDE: Remove small Diffie-Hellman moduli"
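Review bot: The new "Renew RSA hostkeys if too short" task has no `notify: Restart SSH`, although the task just above it in the hunk (which starts outside the hunk) does. sshd reads its host keys at startup, so after the key file is replaced the running daemon will most likely keep presenting the old, short key until something else restarts it; add `notify: Restart SSH` to the task. The task name says "if too short", but as far as I know the module regenerates on any mismatch with `size: 4096`, so a longer existing RSA key would presumably be replaced by a 4096-bit one as well; a comment such as `# regenerates whenever the existing key is not exactly 4096 bits` would make that explicit. Replacing a host key also changes the fingerprint clients have stored in known_hosts, so the role's documentation should tell operators to publish the new fingerprint through a trusted channel, so that users do not get into the habit of accepting a changed key unverified.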