From d9120028f879259be458c924c917f9be43d691b0 Mon Sep 17 00:00:00 2001
From: majx
Date: Sat, 27 Dec 2025 00:13:59 +0100
Subject: [PATCH] Check SSH key files exist before making changes

Signed-off-by: majx
---
 roles/ssh_hardening/tasks/crypto_hostkeys.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/roles/ssh_hardening/tasks/crypto_hostkeys.yml b/roles/ssh_hardening/tasks/crypto_hostkeys.yml
index cd3181349..b3aab482f 100644
--- a/roles/ssh_hardening/tasks/crypto_hostkeys.yml
+++ b/roles/ssh_hardening/tasks/crypto_hostkeys.yml
@@ -29,10 +29,17 @@
 - "{{ ssh_host_keys_dir }}/ssh_host_ed25519_key"
 when: sshd_version is version('6.3', '>=')
 
+- name: Check which SSH host key files exist
+ ansible.builtin.stat:
+ path: "{{ item }}"
+ loop: "{{ ssh_host_key_files }}"
+ register: ssh_host_key_files_check
+
 - name: Change host private key ownership, group and permissions
 ansible.builtin.file:
- path: "{{ item }}"
+ path: "{{ item.item }}"
 owner: "{{ ssh_host_keys_owner }}"
 group: "{{ ssh_host_keys_group }}"
 mode: "{{ ssh_host_keys_mode }}"
- loop: "{{ ssh_host_key_files }}"
+ when: item.stat.exists
+ loop: "{{ ssh_host_key_files_check.results }}"
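Review bot: The new `ansible.builtin.stat` task runs with the module defaults, so it also computes a checksum of every private host key, and because the file task now loops over `ssh_host_key_files_check.results`, the whole stat result is shown as the loop item in the play output. Only `exists` is consumed, so I would add `get_checksum: false` (plus `get_mime: false` and `get_attributes: false`) under `ansible.builtin.stat:` and `loop_control: {label: "{{ item.item }}"}` on the file task. Separately, a missing key is now skipped without any message; in a hardening role a one-line comment above the `when:` such as `# key types not generated on this host are skipped` would make that intent explicit. The task that builds `ssh_host_key_files` starts above this hunk, so this is based only on the lines visible here.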