enable ssh host key verification over DNS

roles/base/files/system_setup/ssh_custom.conf

@@ -0,0 +1 @@
+VerifyHostKeyDNS yes

roles/base/tasks/system_setup/openssh.yml

@@ -36,6 +36,16 @@
     mode: '0644'
   notify: restart_sshd
 
+- name: system setup | openssh | copy ssh client custom config
+  tags: openssh,ssh,system,settings
+  copy:
+    force: True
+    src: system_setup/ssh_custom.conf
+    dest: /etc/ssh/ssh_config.d/custom.conf
+    owner: root
+    group: root
+    mode: '0644'
+
 - name: system setup | openssh | install fail2ban
   tags: fail2ban,ssh,system,settings
   package: