From 5d6201d32ba3279f30411b0f5eae2dd050e66dd4 Mon Sep 17 00:00:00 2001
From: Scott Walkinshaw <scott.walkinshaw@gmail.com>
Date: Thu, 14 Aug 2025 21:05:47 -0400
Subject: [PATCH] Improve common var definitions

---
 roles/common/defaults/main.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
index 1b098c4fdc..7f598fad8a 100644
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@@ -40,8 +40,8 @@ apt_packages_custom: {}
 apt_packages: "{{ apt_packages_default | combine(apt_packages_custom) }}"
 
 openssh_6_8_plus: "{{ (lookup('pipe', 'ssh -V 2>&1')) | regex_replace('(.*OpenSSH_([\\d\\.]*).*)', '\\2') is version_compare('6.8', '>=') }}"
-overlapping_ciphers: "[{% for cipher in (sshd_ciphers_default + sshd_ciphers_extra) if cipher in ssh_client_ciphers %}'{{ cipher }}',{% endfor %}]"
-overlapping_kex: "[{% for kex in (sshd_kex_algorithms_default + sshd_kex_algorithms_extra) if kex in ssh_client_kex %}'{{ kex }}',{% endfor %}]"
-overlapping_macs: "[{% for mac in (sshd_macs_default + sshd_macs_extra) if mac in ssh_client_macs %}'{{ mac }}',{% endfor %}]"
-host_key_types: "[{% for path in sshd_host_keys %}'{{ path | regex_replace('/etc/ssh/ssh_host_(.+)_key', '\\1') | regex_replace('dsa', 'ssh-dss')}}',{% endfor %}]"
-overlapping_host_keys: "{% for key in host_key_types if key in ssh_client_host_key_algorithms %}{{ key }},{% endfor %}"
+overlapping_ciphers: "{{ (sshd_ciphers_default + sshd_ciphers_extra) | intersect(ssh_client_ciphers) }}"
+overlapping_kex: "{{ (sshd_kex_algorithms_default + sshd_kex_algorithms_extra) | intersect(ssh_client_kex) }}"
+overlapping_macs: "{{ (sshd_macs_default + sshd_macs_extra) | intersect(ssh_client_macs) }}"
+host_key_types: "{{ sshd_host_keys | map('regex_replace', '/etc/ssh/ssh_host_(.+)_key', '\\1') | map('regex_replace', 'dsa', 'ssh-dss') | list }}"
+overlapping_host_keys: "{{ host_key_types | intersect(ssh_client_host_key_algorithms) | join(',') }}"