Fix sshd handlers for Debian 12.

klemens-st · klemens-st · commit 5b56f01f3771 · 2024-09-26T18:00:18.000+02:00
Debian 12, Ubuntu 22 and above need to re-run systemd generators to pull the updated sshd port config. https://discourse.ubuntu.com/t/sshd-now-uses-socket-based-activation-ubuntu-22-10-and-later/30189/14
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,4 +1,6 @@
 ---
+- name: systemd reload
+  ansible.builtin.command: systemctl daemon-reload
 - name: restart ssh
   service:
     name: "{{ security_sshd_name }}"
diff --git a/tasks/ssh.yml b/tasks/ssh.yml
@@ -29,7 +29,7 @@
       line: "GSSAPIAuthentication {{ security_ssh_gss_api_authentication }}"
     - regexp: "^X11Forwarding"
       line: "X11Forwarding {{ security_ssh_x11_forwarding }}"
-  notify: restart ssh
+  notify: "{{ security_sshd_handlers }}"
 
 - name: Add configured users allowed to connect over ssh
   lineinfile:
diff --git a/vars/Debian.yml b/vars/Debian.yml
@@ -1,3 +1,6 @@
 ---
 security_ssh_config_path: /etc/ssh/sshd_config
 security_sshd_name: ssh
+security_sshd_handlers:
+  - restart ssh
+  - systemd reload
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
@@ -1,3 +1,4 @@
 ---
 security_ssh_config_path: /etc/ssh/sshd_config
 security_sshd_name: sshd
+security_sshd_handlers: restart ssh
