Problem with SSH keys

I’m using the authorized_key module to distribute ssh keys to my server, loading a key this way:

```
authorized_key: user=root key="{{ item }}"
with_file:
  - my_key.pub
```

the source key file contains an entry like:

```
from="hostname.domain,10.0.0.*" ssh-rsa AAAAB3NzaCBLAHBLAHBLAH...
```

but when it’s written in the authorized_keys of the target host it appears in the form:

from=hostname.domain,10.0.0.* ssh-rsa AAAAB3NzaCBLAHBLAHBLAH...

The key written in the target misses the quotation marks and doesn’t work as expected.

The problem seems to be located when _load_params calls the shlex.split() function and removes the quotation marks:

```
MODULE_ARGS = 'user=root key="from="hostname.domain,10.0.0.*" ssh-rsa AAAAB3NzaCBLAHBLAHBLAH... "'

def _load_params(self):
    ''' read the input and return a dictionary and the arguments string '''
    args = MODULE_ARGS
    items = shlex.split(args)
```

items now contains something like:

['user=root', 'key=from=hostname.domain,10.0.0.* ssh-rsa AAAAB3NzaCBLAHBLAHBLAH...

I don’t know if I am doing something wrong or if it is some kind of bug.

This is the same problem described here:

    https://github.com/ansible/ansible/issues/6294

I can confirm that the workaround mentioned on that page (of passing the
values as a hash instead of key=value) works for me. Unfortunately, per
the explanation on that page, this is not something that will be fixed.

-- ams

Thanks ams,

I’ve tried the workaround suggested by Michael, passing the arguments as hash members, and it works perfectly!

I’m not sure I agree with Abhijit as it seems this could be solved by the authorized_key module knowing when to quote and calling pipes.quote.

Hi Michael. If the disagreement is about the "not something that will be
fixed" part, I was just quoting what you said in the ticket I linked to
(https://github.com/ansible/ansible/issues/6294):

    "This isn't going to be fixable but is a consequence of how the
    lookup plugin is evaluating your line."

If you think it can be fixed, I'm delighted to hear it. If you explain
in a bit more detail what you have in mind, I'll even volunteer to
produce a pull request along those lines.

-- ams

I think quoting in the authorized_key module would be a problem in a case like:

from="192.168.0.1",no-user-rc # no-user-rc is an option
from="192.168.0.1,no-user-rc" # no-user-rc is a host

both are passed to the module as:

from=192.168.0.1,no-user-rc

(It is very unlikely to happen, but you know…)

What about a specific “sshkey” lookup plugin?
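An added example, not code from any post in this thread or from Ansible itself: it reproduces the quote loss that shlex.split() causes for the key=value argument string from the first post, and shows that the two lines from the last post become indistinguishable afterwards. The helper names, the placeholder key and the simplified option splitter (commas outside double quotes, no escape handling) are assumptions made for illustration.

```python
import shlex

# Constructed placeholder, not a real key; sample lines carry no comment field.
KEY = "ssh-rsa AAAAB3NzaCBLAHBLAHBLAH"

def parsed_key(key_line):
    """Key value after the key=value argument string has been through shlex.split()."""
    args = 'user=root key="%s"' % key_line  # what key="{{ item }}" expands to
    params = dict(item.split("=", 1) for item in shlex.split(args))
    return params["key"]

def options_of(key_line):
    """Option field of an 'options keytype keydata' line (options must be present)."""
    return key_line.rsplit(" ", 2)[0]

def split_options(options):
    """Simplified model: split on commas that are outside double quotes."""
    parts, current, in_quotes = [], "", False
    for ch in options:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    return parts

if __name__ == "__main__":
    samples = [
        'from="hostname.domain,10.0.0.*" ' + KEY,   # entry from the first post
        'from="192.168.0.1",no-user-rc ' + KEY,     # no-user-rc is an option
        'from="192.168.0.1,no-user-rc" ' + KEY,     # no-user-rc is a host
    ]
    for line in samples:
        after = parsed_key(line)
        print("before:", split_options(options_of(line)))
        print("after: ", split_options(options_of(after)))
```

Comparing the deployed authorized_keys line with the source line in this way is a quick check that a `from=` restriction reached the target host in the form it was written.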