[PR #5605/fb2833d3 backport][stable-6] feat(ssh_config): host_key_algorithms option

changelogs/fragments/5605-ssh-config-add-host-key-algorithms.yaml

@@ -0,0 +1,2 @@
+minor_changes:
+  - ssh_config - add ``host_key_algorithms`` option (https://github.com/ansible-collections/community.general/pull/5605).

plugins/modules/ssh_config.py

@@ -88,6 +88,11 @@
       - If I(user) and this option are not specified, C(/etc/ssh/ssh_config) is used.
       - Mutually exclusive with I(user).
     type: path
+  host_key_algorithms:
+    description:
+      - Sets the C(HostKeyAlgorithms) option.
+    type: str
+    version_added: 6.1.0
 requirements:
 - StormSSH
 notes:
@@ -207,6 +212,7 @@ def ensure_state(self):
             strict_host_key_checking=self.params.get('strict_host_key_checking'),
             user_known_hosts_file=self.params.get('user_known_hosts_file'),
             proxycommand=self.params.get('proxycommand'),
+            host_key_algorithms=self.params.get('host_key_algorithms'),
         )
 
         # Convert True / False to 'yes' / 'no' for usage in ssh_config
@@ -297,6 +303,7 @@ def main():
             group=dict(default=None, type='str'),
             host=dict(type='str', required=True),
             hostname=dict(type='str'),
+            host_key_algorithms=dict(type='str', no_log=False),
             identity_file=dict(type='path'),
             port=dict(type='str'),
             proxycommand=dict(type='str', default=None),

tests/integration/targets/ssh_config/tasks/options.yml

@@ -15,6 +15,7 @@
     host: "options.example.com"
     proxycommand: "ssh jumphost.example.com -W %h:%p"
     forward_agent: true
+    host_key_algorithms: "+ssh-rsa"
     state: present
   register: options_add
   check_mode: yes
@@ -43,6 +44,7 @@
     host: "options.example.com"
     proxycommand: "ssh jumphost.example.com -W %h:%p"
     forward_agent: true
+    host_key_algorithms: "+ssh-rsa"
     state: present
   register: options_add
 
@@ -60,6 +62,7 @@
     host: "options.example.com"
     proxycommand: "ssh jumphost.example.com -W %h:%p"
     forward_agent: true
+    host_key_algorithms: "+ssh-rsa"
     state: present
   register: options_add_again
 
@@ -81,13 +84,15 @@
     that:
       - "'proxycommand ssh jumphost.example.com -W %h:%p' in slurp_ssh_config['content'] | b64decode"
       - "'forwardagent yes' in slurp_ssh_config['content'] | b64decode"
+      - "'hostkeyalgorithms +ssh-rsa' in slurp_ssh_config['content'] | b64decode"
 
 - name: Options - Update host
   community.general.ssh_config:
     ssh_config_file: "{{ ssh_config_test }}"
     host: "options.example.com"
     proxycommand: "ssh new-jumphost.example.com -W %h:%p"
     forward_agent: no
+    host_key_algorithms: "+ssh-ed25519"
     state: present
   register: options_update
 
@@ -107,6 +112,7 @@
     host: "options.example.com"
     proxycommand: "ssh new-jumphost.example.com -W %h:%p"
     forward_agent: no
+    host_key_algorithms: "+ssh-ed25519"
     state: present
   register: options_update
 
@@ -129,6 +135,7 @@
     that:
       - "'proxycommand ssh new-jumphost.example.com -W %h:%p' in slurp_ssh_config['content'] | b64decode"
       - "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
+      - "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
 
 - name: Options - Ensure no update in case option exist in ssh_config file but wasn't defined in playbook
   community.general.ssh_config:
@@ -156,6 +163,11 @@
     that:
       - "'proxycommand ssh new-jumphost.example.com -W %h:%p' in slurp_ssh_config['content'] | b64decode"
       - "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
+      - "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
+
+- name: Debug
+  debug:
+    msg: "{{ slurp_ssh_config['content'] | b64decode }}"
 
 - name: Options - Delete a host
   community.general.ssh_config:
@@ -197,3 +209,4 @@
     that:
       - "'proxycommand ssh new-jumphost.example.com -W %h:%p' not in slurp_ssh_config['content'] | b64decode"
       - "'forwardagent no' not in slurp_ssh_config['content'] | b64decode"
+      - "'hostkeyalgorithms +ssh-ed25519' not in slurp_ssh_config['content'] | b64decode"