Problem with SSH keys


Ruggero Marchei

May 22, 2014, 8:42:37 AM
to ansible...@googlegroups.com

I'm using the authorized_key module to distribute ssh keys to my server, loading a key this way: 

authorized_key: user=root key="{{ item }}"
with_file:
  - my_key.pub

the source key file contains an entry like:

from="hostname.domain,10.0.0.*" ssh-rsa AAAAB3NzaCBLAHBLAHBLAH...


but when it's written in the authorized_keys of the target host it appears in the form:

from=hostname.domain,10.0.0.* ssh-rsa AAAAB3NzaCBLAHBLAHBLAH...


The key written in the target misses the quotation marks and doesn't work as expected.

The problem seems to be located when _load_params calls the shlex.split() function and removes the quotation marks:

MODULE_ARGS = 'user=root key="from="hostname.domain,10.0.0.*" ssh-rsa AAAAB3NzaCBLAHBLAHBLAH... "'

...

    def _load_params(self):
        ''' read the input and return a dictionary and the arguments string '''
        args = MODULE_ARGS
        items   = shlex.split(args)


items now contains something like:

['user=root', 'key=from=hostname.domain,10.0.0.* ssh-rsa AAAAB3NzaCBLAHBLAHBLAH...

I don't know if I am doing something wrong or if it is some kind of bug

Abhijit Menon-Sen

May 22, 2014, 11:42:28 AM
to ansible...@googlegroups.com
At 2014-05-22 05:42:37 -0700, ruggero...@gmail.com wrote:
>
> authorized_key: user=root key="{{ item }}"
> with_file:
> - my_key.pub
>
>
> the source key file contains an entry like:
> from="hostname.domain,10.0.0.*" ssh-rsa AAAAB3NzaCBLAHBLAHBLAH...

This is the same problem described here:

https://github.com/ansible/ansible/issues/6294

I can confirm that the workaround mentioned on that page (of passing the
values as a hash instead of key=value) works for me. Unfortunately, per
the explanation on that page, this is not something that will be fixed.

-- ams

Ruggero Marchei

May 23, 2014, 7:51:43 AM
to ansible...@googlegroups.com
Thanks ams,

I've tried the workaround suggested by Michael, passing the arguments as hash members, and it works perfectly!

Michael DeHaan

May 23, 2014, 8:40:38 AM
to ansible...@googlegroups.com
I'm not sure I agree with Abhijit as it seems this could be solved by the authorized_key module knowing when to quote and calling pipes.quote.





Abhijit Menon-Sen

May 23, 2014, 11:30:53 AM
to ansible...@googlegroups.com
At 2014-05-23 08:40:35 -0400, mic...@ansible.com wrote:
>
> I'm not sure I agree with Abhijit as it seems this could be solved
> by the authorized_key module knowing when to quote and calling
> pipes.quote.

Hi Michael. If the disagreement is about the "not something that will be
fixed" part, I was just quoting what you said in the ticket I linked to
(https://github.com/ansible/ansible/issues/6294):

"This isn't going to be fixable but is a consequence of how the
lookup plugin is evaluating your line."

If you think it can be fixed, I'm delighted to hear it. If you explain
in a bit more detail what you have in mind, I'll even volunteer to
produce a pull request along those lines.

-- ams

Ruggero Marchei

May 23, 2014, 6:38:43 PM
to ansible...@googlegroups.com
I think quoting in the authorized_key module would be a problem in a case like:

from="192.168.0.1",no-user-rc     # no-user-rc is an option
from="192.168.0.1,no-user-rc"     # no-user-rc is a host

both are passed to the module as:

from=192.168.0.1,no-user-rc

(It is very unlikely to happen, but you know...)


What about a specific "sshkey" lookup plugin?
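
Added example, not part of any post in this thread and not Ansible's own code: it reproduces the quote stripping from the first post with shlex.split() and shows the ambiguity from the last post, where two differently quoted option fields collapse to the same string. The function names and the shortened key bodies are constructed for illustration, and the option splitter ignores backslash-escaped quotes.

```python
import shlex

# Entries from the thread; the key body "AAAA..." is a constructed placeholder.
ENTRY = 'from="hostname.domain,10.0.0.*" ssh-rsa AAAAB3NzaCBLAHBLAHBLAH'
AS_OPTION = 'from="192.168.0.1",no-user-rc'   # no-user-rc is an option
AS_HOST = 'from="192.168.0.1,no-user-rc"'     # no-user-rc is a host pattern


def key_after_split(entry):
    """Embed entry in a key=value argument string, as in the first post,
    and return the key= value that survives shlex.split()."""
    module_args = 'user=root key="%s"' % entry
    for token in shlex.split(module_args):
        name, _, value = token.partition("=")
        if name == "key":
            return value
    raise ValueError("no key= argument found")


def options_after_split(options):
    """Options field of a key line after the same round trip."""
    return key_after_split(options + " ssh-rsa AAAA").split(" ", 1)[0]


def split_options(options):
    """Split an options field on commas that are outside double quotes.
    Simplification: backslash-escaped quotes are not handled."""
    parts, current, in_quotes = [], [], False
    for ch in options:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


if __name__ == "__main__":
    print(key_after_split(ENTRY))
    for opts in (AS_OPTION, AS_HOST):
        print(split_options(opts), "->", options_after_split(opts))
```

Comparing split_options() on the source line with the same call on the line written to the target is a quick check that a deployed restriction still has the structure that was intended.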