From bb9de6035520ab158e3b4fb03a209ebbe2d550cd Mon Sep 17 00:00:00 2001
From: Major Hayden
Date: Wed, 8 Nov 2017 14:44:13 -0600
Subject: [PATCH] Always search for ssh keys

This patch ensures that a list of public/private ssh keys is always generated.

Closes-Bug: 1731049
Change-Id: Ibc6eecafe96b97107e14ae3d0f92c4ad6018228c
---
 tasks/rhel7stig/sshd.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tasks/rhel7stig/sshd.yml b/tasks/rhel7stig/sshd.yml
index b66ac1af..1e5165da 100644
--- a/tasks/rhel7stig/sshd.yml
+++ b/tasks/rhel7stig/sshd.yml
@@ -75,6 +75,9 @@
 # The shell command will always report 'changed' so we need to
 # ignore that since this role is supposed to be idempotent.
 changed_when: false
+ check_mode: no
+ tags:
+ - always
 - name: Public host key files must have mode 0644 or less
 file:
@@ -90,9 +93,12 @@
 - name: Determine existing private ssh host keys
 shell: ls /etc/ssh/*_key
 register: private_ssh_host_keys
- # The sheel command will always report 'changed' so we need to
+ # The shell command will always report 'changed' so we need to
 # ignore that since this role is supposed to be idempotent
 changed_when: false
+ check_mode: no
+ tags:
+ - always
 - name: Private host key files must have mode 0600 or less
 file:
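Review bot: With `tags: always` and `check_mode: no` added, a non-zero exit from the key-discovery command now stops every run of the role, including check-mode runs and runs limited to unrelated tags; this applies to `ls /etc/ssh/*_key` in the second hunk and presumably to its public-key counterpart, whose `shell:` line sits above the first hunk. `ls` exits non-zero when the glob matches nothing and no `failed_when` is visible in either hunk, so a host without generated host keys would abort the hardening play before later controls are applied. Consider adding `failed_when: false` next to `changed_when: false`, provided the consuming `file:` tasks (cut off below each hunk) tolerate an empty result. As a style point, `check_mode: no` would read more consistently as `check_mode: false`, matching the boolean on the line above it.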