From 79b66529c8724b3e96c83686d9113490ede78eb6 Mon Sep 17 00:00:00 2001
From: Denis Knauf
Date: Tue, 15 Mar 2022 10:59:21 +0100
Subject: [PATCH] user|host (wrong) -> user@host (correct)
---
 defaults/main.yml | 1 +
 tasks/main.yml | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 339711a..9b75139 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,6 +2,7 @@ ssh_ca_user: sshca
 ssh_ca_base_dir: ~/.ssh-ca
 ssh_ca_pub: '{{ssh_ca_base_dir}}/ca.pub'
 ssh_ca_command: ~/ssh-ca
+ssh_cert_known_domain: '*'
 ssh_cert_sign_host: '{{ssh_ca_host}}'
 ssh_cert_sign_user: '{{ssh_ca_user}}'
 ssh_cert_host_pub_path: /etc/ssh/ssh_host_ed25519_key.pub
diff --git a/tasks/main.yml b/tasks/main.yml
index 66e65e5..17a9044 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -74,7 +74,7 @@
 hash_host: false
 path: /etc/ssh/ssh_known_hosts
 name: '{{ssh_cert_known_domain}}'
- key: "@cert-authority *.{{ssh_cert_known_domain}},{{ssh_cert_known_domain}} {{lookup('file', ssh_cert_host_capub_path)}}"
+ key: "@cert-authority {{ssh_cert_known_domain}} {{lookup('file', ssh_cert_host_capub_path)}}"
 - name: install ssh-cert-renew
 copy:
@@ -107,7 +107,7 @@
 with_dict:
 ssh_cert_mail_to: '{{ssh_cert_mail_to |mandatory}}'
 ssh_cert_mail_from: '{{ssh_cert_mail_from|mandatory}}'
- ssh_cert_sign_host: '{{ssh_cert_sign_user|mandatory}}|{{ssh_cert_sign_host|mandatory}}'
+ ssh_cert_sign_host: '{{ssh_cert_sign_user|mandatory}}@{{ssh_cert_sign_host|mandatory}}'
 - name: renew host ssh-cert
 systemd:
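Review bot: The new default `ssh_cert_known_domain: '*'` in defaults/main.yml, combined with the rewritten `key:` template in tasks/main.yml, puts `@cert-authority * <CA key>` into /etc/ssh/ssh_known_hosts. Every host that does not override the variable then accepts this CA for host certificates of any hostname it connects to, not only the hosts the CA is meant to cover. A scoped value is the safer default: drop the default and apply `|mandatory` where the variable is used, as tasks/main.yml already does for `ssh_cert_sign_user`. Failing that, put a comment above the default such as `# '*' trusts the CA for every hostname; scope it, e.g. '*.example.com,example.com'` (constructed example domain).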
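Review bot: With the `*.{{ssh_cert_known_domain}},` prefix removed from the `key:` line, an inventory that already sets `ssh_cert_known_domain` to a bare domain now gets a CA entry matching only that exact name, no longer its subdomains. Host certificates from those subdomains would then presumably stop being verified against the CA. The variable now holds a known_hosts pattern list, not a domain, which should be documented next to the task, e.g. `# ssh_cert_known_domain: known_hosts pattern list such as '*.example.com,example.com'` (constructed example). The same value is still passed as `name:`, so it is worth confirming that the module used here accepts a wildcard or a comma-separated list in that field. The task begins above the hunk, so the module name is not visible.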