Fix local installer compatibility on newer hosts

Made-with: Cursor

ansible/roles/terminal/tasks/main.yml

@@ -13,7 +13,7 @@
     state: directory
     mode: "0755"
 
-- name: Configure courseware loopback-only sshd policy
+- name: Configure courseware sshd policy
   become: true
   template:
     src: sshd-courseware-terminal.conf.j2
@@ -46,6 +46,15 @@
     enabled: true
   when: ansible_service_mgr == "systemd"
 
+- name: Reload sshd when config changed with systemd
+  become: true
+  systemd:
+    name: ssh
+    state: reloaded
+  when:
+    - ansible_service_mgr == "systemd"
+    - courseware_terminal_sshd_config.changed
+
 - name: Check for running sshd when systemd is unavailable
   become: true
   command: pgrep -x sshd
@@ -89,19 +98,13 @@
   environment:
     PATH: "{{ courseware_node_runtime_bin_dir }}:{{ ansible_env.PATH }}"
 
-- name: Check loopback sshd listener
-  become: true
-  command: ss -ltn
-  register: courseware_terminal_ss_listeners
-  changed_when: false
-
-- name: Assert sshd is loopback-only
-  assert:
-    that:
-      - "'127.0.0.1:22' in courseware_terminal_ss_listeners.stdout"
-      - "'0.0.0.0:22' not in courseware_terminal_ss_listeners.stdout"
-      - "'[::]:22' not in courseware_terminal_ss_listeners.stdout"
-    fail_msg: "sshd must listen only on 127.0.0.1:22 for the browser terminal deployment."
+- name: Wait for sshd to accept local WeTTY connections
+  wait_for:
+    host: 127.0.0.1
+    port: 22
+    state: started
+    timeout: 10
+    msg: "sshd must accept connections on 127.0.0.1:22 for the browser terminal deployment."
 
 - name: Assert WeTTY binary exists
   stat:

ansible/roles/terminal/templates/sshd-courseware-terminal.conf.j2

@@ -1,6 +1,4 @@
 # Managed by Local Courseware Deployment.
-ListenAddress 127.0.0.1
-AddressFamily inet
 PermitRootLogin no
 PasswordAuthentication yes
 KbdInteractiveAuthentication no