
authorized_key: invalid key specified

Open skibbipl opened this issue 2 years ago • 4 comments

SUMMARY

I'm trying to add my user SSH key to the target machine, but I get "invalid key specified".

ISSUE TYPE
  • Bug Report
COMPONENT NAME

authorized_key

ANSIBLE VERSION
ansible [core 2.12.3]
  config file = None
  configured module search path = ['/home/pi/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/pi/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.10 (main, Feb 27 2022, 11:38:52) [GCC 11.2.0]
  jinja version = 3.0.3
  libyaml = True
COLLECTION VERSION
Collection    Version
------------- -------
ansible.posix 1.3.0
CONFIGURATION
N/A
OS / ENVIRONMENT

Raspbian OS, bookworm (testing)

STEPS TO REPRODUCE
  - name: Add current ansible user authorized key
    ansible.posix.authorized_key:
      user: "{{ hostvars[inventory_hostname].ansible_user }}"
      state: present
      key: "{{ lookup('fileglob', lookup('env','HOME') + '/.ssh/*.pub') }}"
EXPECTED RESULTS

Key added to target machine

ACTUAL RESULTS
TASK [Add current ansible user authorized key] *********************************
task path: /home/pi/ansible/playbooks/ssh-config.yaml:14
<rpi4b.lan> ESTABLISH SSH CONNECTION FOR USER: pi
<rpi4b.lan> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' rpi4b.lan '/bin/sh -c '"'"'echo ~pi && sleep 0'"'"''
<rpi4b.lan> (0, b'/home/pi\n', b'')
<rpi4b.lan> ESTABLISH SSH CONNECTION FOR USER: pi
<rpi4b.lan> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' rpi4b.lan '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/pi/.ansible/tmp `"&& mkdir "` echo /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838 `" && echo ansible-tmp-1647453383.491395-10816-268438985778838="` echo /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838 `" ) && sleep 0'"'"''
<rpi4b.lan> (0, b'ansible-tmp-1647453383.491395-10816-268438985778838=/home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838\n', b'')
Using module file /usr/lib/python3/dist-packages/ansible_collections/ansible/posix/plugins/modules/authorized_key.py
<rpi4b.lan> PUT /home/pi/.ansible/tmp/ansible-local-10783ajh5xu6_/tmpvc5ppi9n TO /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/AnsiballZ_authorized_key.py
<rpi4b.lan> SSH: EXEC sshpass -d10 sftp -o BatchMode=no -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' '[rpi4b.lan]'
<rpi4b.lan> (0, b'sftp> put /home/pi/.ansible/tmp/ansible-local-10783ajh5xu6_/tmpvc5ppi9n /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/AnsiballZ_authorized_key.py\n', b'')
<rpi4b.lan> ESTABLISH SSH CONNECTION FOR USER: pi
<rpi4b.lan> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' rpi4b.lan '/bin/sh -c '"'"'chmod u+x /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/ /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/AnsiballZ_authorized_key.py && sleep 0'"'"''
<rpi4b.lan> (0, b'', b'')
<rpi4b.lan> ESTABLISH SSH CONNECTION FOR USER: pi
<rpi4b.lan> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' -tt rpi4b.lan '/bin/sh -c '"'"'/usr/bin/python3 /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/AnsiballZ_authorized_key.py && sleep 0'"'"''
<rpi4b.lan> (1, b'\r\n{"failed": true, "msg": "invalid key specified: /home/pi/.ssh/id_ed25519.pub", "invocation": {"module_args": {"user": "pi", "state": "present", "key": "/home/pi/.ssh/id_ed25519.pub", "manage_dir": true, "exclusive": false, "validate_certs": true, "follow": false, "path": null, "key_options": null, "comment": null, "keyfile": "/home/pi/.ssh/authorized_keys"}}}\r\n', b'Shared connection to rpi4b.lan closed.\r\n')
<rpi4b.lan> Failed to connect to the host via ssh: Shared connection to rpi4b.lan closed.
<rpi4b.lan> ESTABLISH SSH CONNECTION FOR USER: pi
<rpi4b.lan> SSH: EXEC sshpass -d10 ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'User="pi"' -o ConnectTimeout=10 -o 'ControlPath="/home/pi/.ansible/cp/feb28ce348"' rpi4b.lan '/bin/sh -c '"'"'rm -f -r /home/pi/.ansible/tmp/ansible-tmp-1647453383.491395-10816-268438985778838/ > /dev/null 2>&1 && sleep 0'"'"''
<rpi4b.lan> (0, b'', b'')
fatal: [rpi4b]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "comment": null,
            "exclusive": false,
            "follow": false,
            "key": "/home/pi/.ssh/id_ed25519.pub",
            "key_options": null,
            "keyfile": "/home/pi/.ssh/authorized_keys",
            "manage_dir": true,
            "path": null,
            "state": "present",
            "user": "pi",
            "validate_certs": true
        }
    },
    "msg": "invalid key specified: /home/pi/.ssh/id_ed25519.pub"
}

skibbipl, Mar 16 '22 18:03

Ok, when I replaced:

key: "{{ lookup('fileglob', lookup('env','HOME') + '/.ssh/*.pub') }}"

with

key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"

it works. But I need wildcard selection :(

skibbipl, Mar 16 '22 20:03

Likely too late for you @skibbipl but I ran into the same issue and worked around it via with_file and a fileglob lookup e.g. with_file: "{{ lookup('ansible.builtin.fileglob', 'files/ssh/*.pub').split(',') }}"

krollster, Jul 29 '22 04:07

> I ran into the same issue and worked around it via with_file and a fileglob lookup e.g. with_file: "{{ lookup('ansible.builtin.fileglob', 'files/ssh/*.pub').split(',') }}"

This didn't work for me and gave me the following error: AttributeError: 'list' object has no attribute 'startswith'

But this worked for me:

- name: Set up multiple authorized keys for user bird
  ansible.posix.authorized_key:
    user: "{{ hostvars[inventory_hostname].ansible_user }}"
    state: present
    key: "{{ lookup('ansible.builtin.file', item) }}"
  with_fileglob:
    - "public_keys/*"

weichweich, Aug 01 '22 13:08

@weichweich thanks for that, I see where I went wrong initially now.

I had something like this, using "item" directly for the key, which didn't work. Your lookup in "key" is the ... "key"

#wrong, don't use
- name: Set up multiple authorized keys
  ansible.posix.authorized_key:
    user: "foobar"
    state: present
    key: "{{ item }}"
  with_fileglob:
    - "public_keys/*"

krollster, Aug 02 '22 04:08
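
Added example, not part of the thread and not the module's own code: a simplified Python check of what the `key` parameter receives in the variants above (a path from `fileglob` or `item`, a list from `.split(',')`, the file contents from `file`). The function name and sample key are assumptions; the key is constructed from zero bytes, and lines with leading key options are out of scope.

```python
import base64
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode a length-prefixed string as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


# Constructed sample: a well-formed ed25519 public key line built from 32 zero bytes.
SAMPLE_BLOB = base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))
).decode()
SAMPLE_KEY_LINE = f"ssh-ed25519 {SAMPLE_BLOB} pi@example"


def classify_key_argument(value):
    """Return (ok, detail) for a value that would be passed as `key`."""
    if not isinstance(value, str):
        return False, "not a string (a list of paths was passed)"
    fields = value.strip().split()
    if len(fields) < 2:
        return False, "no '<type> <base64>' pair: a path, not key text"
    key_type, blob_b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return False, "second field is not base64"
    if len(blob) < 4:
        return False, "blob too short"
    # The blob starts with the key type as a length-prefixed string;
    # it must agree with the type declared in the first field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        return False, "type inside blob does not match declared type"
    return True, key_type


if __name__ == "__main__":
    candidates = [
        "/home/pi/.ssh/id_ed25519.pub",      # what fileglob / item yields
        ["files/ssh/a.pub", "files/ssh/b.pub"],  # result of .split(',')
        SAMPLE_KEY_LINE,                     # what lookup('file', ...) yields
    ]
    for c in candidates:
        print(classify_key_argument(c))
```
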