Remove SSH settings validation (#1614)

This is a complex validation that was overly defensive and mostly needed
back when new OpenSSH ciphers caused more version incompatibilities in
~2016. These incompatibilities are much less likely to occur now so we
can remove these validations.

Author: swalkinshaw

roles/common/defaults/main.yml

@@ -18,10 +18,3 @@ apt_packages_default:
 
 apt_packages_custom: {}
 apt_packages: "{{ apt_packages_default | combine(apt_packages_custom) }}"
-
-openssh_6_8_plus: "{{ (lookup('pipe', 'ssh -V 2>&1')) | regex_replace('(.*OpenSSH_([\\d\\.]*).*)', '\\2') is version_compare('6.8', '>=') }}"
-overlapping_ciphers: "[{% for cipher in (sshd_ciphers_default + sshd_ciphers_extra) if cipher in ssh_client_ciphers %}'{{ cipher }}',{% endfor %}]"
-overlapping_kex: "[{% for kex in (sshd_kex_algorithms_default + sshd_kex_algorithms_extra) if kex in ssh_client_kex %}'{{ kex }}',{% endfor %}]"
-overlapping_macs: "[{% for mac in (sshd_macs_default + sshd_macs_extra) if mac in ssh_client_macs %}'{{ mac }}',{% endfor %}]"
-host_key_types: "[{% for path in sshd_host_keys %}'{{ path | regex_replace('/etc/ssh/ssh_host_(.+)_key', '\\1') | regex_replace('dsa', 'ssh-dss')}}',{% endfor %}]"
-overlapping_host_keys: "{% for key in host_key_types if key in ssh_client_host_key_algorithms %}{{ key }},{% endfor %}"

roles/common/tasks/main.yml

@@ -74,26 +74,6 @@
       Staging/Production: Create a new server with Ubuntu 20.04 and provision
   when: ansible_distribution_version is version('18.04', '<')
 
-- name: Retrieve local SSH client's settings per host
-  set_fact:
-    ssh_client_ciphers: "{{ lookup('pipe', 'ssh -ttG ' + ansible_host + ' | grep ciphers') }}"
-    ssh_client_kex: "{{ lookup('pipe', 'ssh -ttG ' + ansible_host + ' | grep kexalgorithms') }}"
-    ssh_client_macs: "{{ lookup('pipe', 'ssh -ttG ' + ansible_host + ' | grep macs') }}"
-    ssh_client_host_key_algorithms: "{{ lookup('pipe', 'ssh -ttG ' + ansible_host + ' | grep hostkeyalgorithms') }}"
-  when: openssh_6_8_plus and validate_ssh | default(true)
-  tags: [sshd]
-
-- name: Validate compatible settings between SSH client and server
-  assert:
-    that:
-      - overlapping_ciphers | count
-      - overlapping_kex | count
-      - overlapping_macs | count
-      - overlapping_host_keys | count
-    msg: "{{ lookup('template', 'validate_ssh_msg.j2') }}"
-  when: openssh_6_8_plus and validate_ssh | default(true)
-  tags: [sshd]
-
 - name: Clean old APT sources
   import_tasks: clean-apt-sources.yml
   when: apt_clean_sources | default(false)