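---
# Diagnoses SSH access problems on the pve_cluster hosts and repairs the most
# common cause: wrong ownership or mode on root's ~/.ssh and authorized_keys.
# Read-only checks are reported through debug tasks. The state-changing steps
# are: starting sshd if it is stopped, the two permission fixes, and the final
# sshd restart (performed only when the configuration validated).
- name: SSH Connection Debug and Fix
  hosts: pve_cluster
  gather_facts: true

  tasks:
    # state=started is not a pure check: it starts sshd when it is stopped.
    - name: Check SSH service status
      systemd:
        name: ssh
        state: started
      register: ssh_status

    - name: Display SSH service status
      debug:
        msg: "SSH Service: {{ ssh_status.status.ActiveState }}"

    # sshd -T validates the configuration and prints the effective settings.
    # A non-zero rc means no valid effective configuration could be produced;
    # the restart at the end of the play is gated on this result.
    - name: Check SSH configuration
      command: sshd -T
      register: sshd_config
      changed_when: false
      ignore_errors: true

    # PermitRootLogin accepts more values than yes/no/prohibit-password;
    # sshd may report the legacy alias without-password, and
    # forced-commands-only is also valid, so the pattern covers all of them.
    - name: Display SSH configuration (key settings)
      vars:
        sshd_effective: "{{ sshd_config.stdout | default('') }}"
        root_login_pattern: >-
          permitrootlogin
          (yes|no|prohibit-password|without-password|forced-commands-only)
      debug:
        msg: |
          PasswordAuthentication: {{ sshd_effective | regex_search('passwordauthentication (yes|no)') }}
          PubkeyAuthentication: {{ sshd_effective | regex_search('pubkeyauthentication (yes|no)') }}
          PermitRootLogin: {{ sshd_effective | regex_search(root_login_pattern) }}
          MaxAuthTries: {{ sshd_effective | regex_search('maxauthtries [0-9]+') }}

    - name: Check if authorized_keys file exists
      stat:
        path: /root/.ssh/authorized_keys
      register: authorized_keys_stat

    - name: Display authorized_keys status
      debug:
        msg: "Authorized keys file exists: {{ authorized_keys_stat.stat.exists }}"

    # The mode comes from the stat result registered above; a second stat of
    # the same path would return the same data.
    - name: Display authorized_keys permissions
      debug:
        msg: "Authorized keys permissions: {{ authorized_keys_stat.stat.mode }}"
      when: authorized_keys_stat.stat.exists

    # With StrictModes enabled, sshd ignores an authorized_keys file that
    # other users can write to, so enforce 0600 root:root.
    - name: Fix authorized_keys permissions
      file:
        path: /root/.ssh/authorized_keys
        mode: '0600'
        owner: root
        group: root
      when: authorized_keys_stat.stat.exists

    # state=directory is explicit so the task does not fail when /root/.ssh
    # is absent; the directory is then created with the correct mode.
    - name: Fix .ssh directory permissions
      file:
        path: /root/.ssh
        state: directory
        mode: '0700'
        owner: root
        group: root

    - name: Check SSH log for recent errors
      command: journalctl -u ssh -n 20 --no-pager
      register: ssh_logs
      changed_when: false
      ignore_errors: true

    - name: Display recent SSH logs
      debug:
        msg: "{{ ssh_logs.stdout_lines | default([]) }}"

    # BatchMode=yes makes ssh fail instead of waiting for a password or
    # passphrase prompt that nothing can answer in an unattended run.
    # StrictHostKeyChecking=no is tolerable only because the target is the
    # loopback address; do not reuse this option for connections that leave
    # the host, where it removes protection against a spoofed server.
    - name: Test SSH connection locally
      command: >-
        ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=no
        root@localhost "echo 'SSH test successful'"
      register: ssh_local_test
      changed_when: false
      ignore_errors: true

    - name: Display SSH local test result
      debug:
        msg: "SSH local test: {{ 'SUCCESS' if ssh_local_test.rc == 0 else 'FAILED' }}"

    # NOTE(review): this runs on the managed host, so it lists keys in an
    # agent reachable there (for example a forwarded one), not necessarily
    # the controller's agent. Confirm which one is intended.
    - name: Check SSH agent
      command: ssh-add -l
      register: ssh_agent_keys
      changed_when: false
      ignore_errors: true

    - name: Display SSH agent keys
      debug:
        msg: "SSH agent keys: {{ ssh_agent_keys.stdout_lines }}"
      when: ssh_agent_keys.rc == 0

    # Restart only when sshd -T succeeded. Restarting sshd on a configuration
    # that does not validate can leave the host without a running SSH daemon
    # and lock out remote administration.
    - name: Restart SSH service
      systemd:
        name: ssh
        state: restarted
      register: ssh_restart
      when: sshd_config.rc | default(1) == 0

    - name: Display SSH restart result
      debug:
        msg: "SSH service restarted: {{ ssh_restart.changed | default(false) }}"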