ansible.posix
authorized_key: invalid key specified
SUMMARY
I'm trying to add my user SSH key to the target machine, but I get "invalid key specified".
ISSUE TYPE
- Bug Report
COMPONENT NAME
authorized_key
ANSIBLE VERSION
ansible [core 2.12.3]
config file = None
configured module search path = ['/home/pi/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
ansible collection location = /home/pi/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.9.10 (main, Feb 27 2022, 11:38:52) [GCC 11.2.0]
jinja version = 3.0.3
libyaml = True
COLLECTION VERSION
Collection Version
------------- -------
ansible.posix 1.3.0
CONFIGURATION
N/A
OS / ENVIRONMENT
Raspbian OS, bookworm (testing)
STEPS TO REPRODUCE
- name: Add current ansible user authorized key
  ansible.posix.authorized_key:
    user: "{{ hostvars[inventory_hostname].ansible_user }}"
    state: present
    key: "{{ lookup('fileglob', lookup('env','HOME') + '/.ssh/*.pub') }}"
EXPECTED RESULTS
Key added to target machine
ACTUAL RESULTS
TASK [Add current ansible user authorized key] *********************************
task path: /home/pi/ansible/playbooks/ssh-config.yaml:14
<rpi4b.lan> ESTABLISH SSH CONNECTION FOR USER: pi
<rpi4b.lan> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' rpi4b.lan '/bin/sh -c '"'"'echo ~pi && sleep 0'"'"''
<rpi4b.lan> (0, b'/home/pi\n', b'')
<rpi4b.lan> ESTABLISH SSH CONNECTION FOR USER: pi
<rpi4b.lan> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' rpi4b.lan '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/pi/.ansible/tmp `"&& mkdir "` echo /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838 `" && echo ansible-tmp-1647453383.491395-10816-268438985778838="` echo /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838 `" ) && sleep 0'"'"''
<rpi4b.lan> (0, b'ansible-tmp-1647453383.491395-10816-268438985778838=/home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838\n', b'')
Using module file /usr/lib/python3/dist-packages/ansible_collections/ansible/posix/plugins/modules/authorized_key.py
<rpi4b.lan> PUT /home/pi/.ansible/tmp/ansible-local-10783ajh5xu6_/tmpvc5ppi9n TO /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/AnsiballZ_authorized_key.py
<rpi4b.lan> SSH: EXEC sshpass -d10 sftp -o BatchMode=no -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' '[rpi4b.lan]'
<rpi4b.lan> (0, b'sftp> put /home/pi/.ansible/tmp/ansible-local-10783ajh5xu6_/tmpvc5ppi9n /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/AnsiballZ_authorized_key.py\n', b'')
<rpi4b.lan> ESTABLISH SSH CONNECTION FOR USER: pi
<rpi4b.lan> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' rpi4b.lan '/bin/sh -c '"'"'chmod u+x /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/ /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/AnsiballZ_authorized_key.py && sleep 0'"'"''
<rpi4b.lan> (0, b'', b'')
<rpi4b.lan> ESTABLISH SSH CONNECTION FOR USER: pi
<rpi4b.lan> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' -tt rpi4b.lan '/bin/sh -c '"'"'/usr/bin/python3 /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/AnsiballZ_authorized_key.py && sleep 0'"'"''
<rpi4b.lan> (1, b'\r\n{"failed": true, "msg": "invalid key specified: /home/pi/.ssh/id_ed25519.pub", "invocation": {"module_args": {"user": "pi", "state": "present", "key": "/home/pi/.ssh/id_ed25519.pub", "manage_dir": true, "exclusive": false, "validate_certs": true, "follow": false, "path": null, "key_options": null, "comment": null, "keyfile": "/home/pi/.ssh/authorized_keys"}}}\r\n', b'Shared connection to rpi4b.lan closed.\r\n')
<rpi4b.lan> Failed to connect to the host via ssh: Shared connection to rpi4b.lan closed.
<rpi4b.lan> ESTABLISH SSH CONNECTION FOR USER: pi
<rpi4b.lan> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' rpi4b.lan '/bin/sh -c '"'"'rm -f -r /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/ > /dev/null 2>&1 && sleep 0'"'"''
<rpi4b.lan> (0, b'', b'')
fatal: [rpi4b]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"comment": null,
"exclusive": false,
"follow": false,
"key": "/home/pi/.ssh/id_ed25519.pub",
"key_options": null,
"keyfile": "/home/pi/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"user": "pi",
"validate_certs": true
}
},
"msg": "invalid key specified: /home/pi/.ssh/id_ed25519.pub"
}
Ok, when I replaced:
key: "{{ lookup('fileglob', lookup('env','HOME') + '/.ssh/*.pub') }}"
with
key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
it works. But I need wildcard selection :(
Likely too late for you @skibbipl but I ran into the same issue and worked around it via with_file and a fileglob lookup
e.g.
with_file: "{{ lookup('ansible.builtin.fileglob', 'files/ssh/*.pub').split(',') }}"
I ran into the same issue and worked around it via with_file and a fileglob lookup e.g.
with_file: "{{ lookup('ansible.builtin.fileglob', 'files/ssh/*.pub').split(',') }}"
This didn't work for me and gave me the following error: AttributeError: 'list' object has no attribute 'startswith'
But this worked for me:
- name: Set up multiple authorized keys for user bird
  ansible.posix.authorized_key:
    user: "{{ hostvars[inventory_hostname].ansible_user }}"
    state: present
    key: "{{ lookup('ansible.builtin.file', item) }}"
  with_fileglob:
    - "public_keys/*"
@weichweich thanks for that, I see where I went wrong initially now.
I had something like this, using "item" directly for the key, which didn't work. Your lookup in "key" is the ... "key"
# wrong, don't use
- name: Set up multiple authorized keys
  ansible.posix.authorized_key:
    user: "foobar"
    state: present
    key: "{{ item }}"
  with_fileglob:
    - "public_keys/*"
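
Why the path fails and the `file` lookup works, as an added example (not part of the thread and not the module's own code): `fileglob` yields file paths, while `key` expects the key text itself. This simplified pre-flight check assumes plain `.pub` content of the form `<type> <base64> [comment]` with no options prefix; `check_key_line` and `SAMPLE_KEY` are hypothetical names and the sample key is constructed.

```python
import base64
import binascii
import struct

# Constructed sample: a well-formed ed25519 public key line whose key material
# is 32 zero bytes, built here so the example runs offline.
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " pi@example"


def check_key_line(value):
    """Return (ok, reason) for one value intended for the `key` parameter.

    Simplified check (assumption: no authorized_keys options before the type).
    """
    if not isinstance(value, str):
        return False, "not a string (a list was passed instead of key text)"
    fields = value.strip().split()
    if len(fields) < 2:
        return False, "single token: looks like a path or empty value, not key text"
    keytype, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error:
        return False, "second field is not valid base64"
    if len(blob) < 4:
        return False, "key blob too short"
    # The blob starts with a 4-byte big-endian length followed by the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        return False, "declared key type does not match the type inside the blob"
    return True, "ok"


if __name__ == "__main__":
    candidates = [
        "/home/pi/.ssh/id_ed25519.pub",   # what fileglob / "{{ item }}" passes
        SAMPLE_KEY,                        # what lookup('file', item) passes
    ]
    for c in candidates:
        print(check_key_line(c), "<-", c[:40])
```
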