Default code to add public ssh key fails

my playbook:

---
- hosts: localhost
  gather_facts: no
  vars:
    key_url: "https://raw.githubusercontent.com/gsg-git/awx_pub/main/awxtestpub"
    key_content: "{{ lookup('url', key_url, split_lines=false) }}"
    conversion_cmd: 'ssh-keygen -i -m RFC4716 -f /dev/stdin <<<"{{ key_content }}"'
    new_key_content: "{{ lookup('pipe', conversion_cmd) }}"
  tasks:
    - debug: msg="{{ new_key_content }}"

I think i know the problem now.
I started the playbook with at least 3 Hosts, but the log still shows one and everywhere “localhost”
I thing in my playbook i should use instead of localhost all

I have luck and no luck:
The playbook now has the IP of the devices and the correct count, but still nothing on both machines…

:thinking:

Your playbook only contains debug task, so it does almost nothing; just displaying converted new key content.

The playbook that @shertel provided is just an example that shows the way to convert keys. You should update your playbook to use new_key_content variable as the key for ansible.posix.authorized_key.

1 Like

maybe its the time, but i dnot get what you mean.
I thought i cann add the key conversion part to the edited key import code example:


- name: Set authorized keys taken from url
  ansible.posix.authorized_key:
    user: charlie
    state: present
    key: https://github.com/charlie.keys

    key_content: "{{ lookup('url', key_url, split_lines=false) }}"
    conversion_cmd: 'ssh-keygen -i -m RFC4716 -f /dev/stdin <<<"{{ key_content }}"'
    new_key_content: "{{ lookup('pipe', conversion_cmd) }}"

iim sorry iam not a linux /dev 100% guy juyt sysadmin with mostly adminsitrative experience.
Ill call it a day.
Thank you!

Example:

---
- name: Set authorized keys
  hosts: all
  gather_facts: false
  vars:
    key_url: "https://raw.githubusercontent.com/gsg-git/awx_pub/main/awxtestpub"
    key_content: "{{ lookup('url', key_url, split_lines=false) }}"
    conversion_cmd: 'ssh-keygen -i -m RFC4716 -f /dev/stdin <<<"{{ key_content }}"'
    new_key_content: "{{ lookup('pipe', conversion_cmd) }}"
  
  tasks:
    - name: Set authorized keys taken from url
      ansible.posix.authorized_key:
        user: charlie
        state: present
        key: "{{ new_key_content }}"
2 Likes

Thank you!
So it seems that you can optionalls set the variables in the playbook before you execute the main task.
te fritst try failed the user “rott” didnt exist

at least something happen - i cant login via ssh as usual with my public key.
The authorized_keys in root is no change, but i cant use the public keys for login even after restarting the ssh service

My example is to add key for the user charlie. Have you modified the user in my example correctly?

If yes, are you sure that your playbook indeed ran to the hosts you are trying to connect to via SSH, by the hostname or IP address that appears in the playbook logs?

Yeah the connection has been established:

<192.168.151.237> ESTABLISH SSH CONNECTION FOR USER: root

i forgot to make snapshots of the test vms - i have to see what stopped so i cant login via keys, but with credetials

I’m talking about this line:

image

Uh yes i used root - i think for the future i should use a dedicated user.
The public ssh login is no problem - my mount left me with my keys and i thought the remote desktop manager would store them.
grafik
How can i recognize that the key has been entered- will there be another line with the key?

I uploaded the job log.
i dont know why theres no changes because even the right path /root/.ssh/authorized_keys is mentioned. awx_pub/job_219.txt at main · gsg-git/awx_pub · GitHub

I’m not sure I understand your question. Could you please clarify your goal?

The /root/.ssh/authorized_keys for the hosts 192.168.151.237 and 192.168.19.201 should have been updated to include the line ssh-rsa AAAAB3NzaC1yc... since your logs show the task as changed.

My problem is that there is nothing added -thats why im asking if the key yust gets added or with a #comment added.
Here are the files:



The user permissions are root so i think its not a permission issue.
Both folder have the same permission:
grafik
I look up if there is any log on the machines where the communication could be saved

Does AWX use a diffrent port for transfering the data then ssh?
If yes then i have to edit the firewall here.

I got it!
I have to use the custom path - even if its a default path:

---
- name: Set authorized keys
  hosts: all
  gather_facts: false
  vars:
    key_url: "https://raw.githubusercontent.com/gsg-git/awx_pub/main/awxtestpub"
    key_content: "{{ lookup('url', key_url, split_lines=false) }}"
    conversion_cmd: 'ssh-keygen -i -m RFC4716 -f /dev/stdin <<<"{{ key_content }}"'
    new_key_content: "{{ lookup('pipe', conversion_cmd) }}"
  
  tasks:
    - name: Set authorized keys taken from url
      ansible.posix.authorized_key:
        user: root
        state: present
        key: "{{ new_key_content }}"
        path: /root/.ssh/authorized_keys

The key gets inserted now and i like to use something like this in the playboook:

- name: add comment before entering public key
  lineinfile:
  path: /home/gsa/.ssh/authorized_keys
  line: "#testkey"

I cant add it in the tasks part because it fails.
Do i have to add thepath and commentvalue in the vars like:

---
- name: Set authorized keys
  hosts: all
  gather_facts: false
  vars:
    key_url: "https://raw.githubusercontent.com/gsg-git/awx_pub/main/awxtestpub"
    key_content: "{{ lookup('url', key_url, split_lines=false) }}"
    conversion_cmd: 'ssh-keygen -i -m RFC4716 -f /dev/stdin <<<"{{ key_content }}"'
    new_key_content: "{{ lookup('pipe', conversion_cmd) }}"
    commentpath: "/root/.ssh/authorized_keys"
    commentcontent: "'#Testkey"
 tasks:
    - name: Set authorized keys taken from url
       lineinfile:
       path: "{{commentpath}}"
       line: "{{commentline}}"
      ansible.posix.authorized_key:
        user: root
        state: present
        key: "{{ new_key_content }}"
        path: /root/.ssh/authorized_keys

If this is true, it’s a bug that should be reported on GitHub, but I can’t reproduce it at all, at least in my environment. It works as expected with or without the path on my side.

I recommend you to know basic playbook syntax and variable usage, then try it.

Also, if a task fails, read the error message carefully to find out why it failed and how to fix it.

1 Like

Ill make an issue then if you suggest me to.

And the variable part is right? Then i have to look up the right “punctuation marks”
Im exited if i can expand your playbook myself successfully :laughing:

If you open an issue at Issues · ansible-collections/ansible.posix · GitHub please be sure to include a simple generic reproducer, the full output with -vvv, and the commands you’re running that prove the module didn’t do what it claimed. I wasn’t able to reproduce the issue.

The syntax of your latest code block isn’t right, but reading the docs and trying it (and reading the error messages) is a good way to learn.

1 Like

I used two Templates one with the correct behaviour and path added and one with the path not set and nothing happens and uploaded anr linked them in the issue.