Manage SSH-Keys


DrDth

Oct 21, 2015, 9:06:45 AM
to Ansible Project
Hello Ansible Community,

I'm working on a possibility to manage different ssh public keys to different servers. I try to accomplish that with the most efficient and automated solution. My problem is that I want to look up the files directly with a loop variable. Therefore I use the lookup plugin logically. But I want the keys I choose to be the only ones in the authorized_keys file on the remote machine. So is there a chance to use the exclusive parameter of the authorized keys module with a loop variable which uses the lookup module?

Thank you for your time!

esco real

Oct 22, 2015, 5:25:16 AM
to Ansible Project
Why not just template the authorized_keys file?

Javier Palacios

Oct 22, 2015, 5:49:23 AM
to ansible...@googlegroups.com
If you are using 1.9, there is an "exclusive" parameter that I believe does exactly what you want, although it will force you into some extra work if you want multiple allowed keys.

Javier Palacios


DrDth

Oct 22, 2015, 7:55:38 AM
to Ansible Project
@esco This wouldn't manage the different users on the remote systems

@Javier It does not do exactly what I want, because the last key in the loop is the one that becomes exclusive, so none of the others will be in the authorized_keys file. I need an option for keeping all keys, and only those which I choose to be the ones.

Dick Davies

Oct 22, 2015, 8:05:30 AM
to ansible list
What about a parameterised role that takes the user name, then you "copy:" a public key (nested under e.g. your-role/files/home/{{ user }}/.ssh/pubkey) up to /home/{{ user }}/.ssh/authorized_keys

You can use that sort of role with with_items or similar to provision all the users you want to a given group of hosts pretty easily; there's no need for lookups as you already have the file to hand.

On 22 October 2015 at 12:55, DrDth <mwm...@googlemail.com> wrote:
@esco This wouldn't manage the different users on the remote systems

@Javier It does not do exactly what I want, because the last key in the loop is the one that becomes exclusive, so none of the others will be in the authorized_keys file. I need an option for keeping all keys, and only those which I choose to be the ones.


DrDth

Oct 22, 2015, 8:39:36 AM
to Ansible Project, di...@hellooperator.net
I have a server on which this playbook will be executed. There is a directory on this server in which all public keys of all computers in the network will be stored in single keyfiles. I edit a variable which provides a list of the users who will have access with their keys on the assigned servers. And the users in this list should be the only keys in the remote auth_keys file. But there has to be more than one key in every key parameter of the authorized_key module. Since the exclusive parameter uses the last given file in the loop var, I sort of have to stack the keys together in maybe a variable or a file or something. This "stacking" together is my problem; all other problems are solved. I hope that I made my problem more clear :)

Ben Cohen

Oct 24, 2015, 2:01:48 PM
to ansible...@googlegroups.com
I think you should take a look at the authorized_keys module again -- you can pass multiple keys to a single invocation when using the exclusive option, which will enforce that exactly and only the list of keys you supplied are in the specified authorized_keys file.


On Thursday, October 22, 2015, DrDth <mwm...@googlemail.com> wrote:
@esco This wouldn't manage the different users on the remote systems

@Javier It does not do exactly what I want, because the last key in the loop is the one that becomes exclusive, so none of the others will be in the authorized_keys file. I need an option for keeping all keys, and only those which I choose to be the ones.

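An added example, not posted by anyone in this thread, of the single-invocation approach described in the reply above: all key files for one remote account are joined into one newline-separated `key` string, so `exclusive` sees the whole set at once. The variable names (`pubkey_dir`, `ssh_access`, `pubkeys`), the account names and the `pubkeys/<name>.pub` layout are assumptions made for illustration.

```yaml
# Added example: names, paths and the ssh_access layout are assumptions.
- hosts: all
  become: true
  vars:
    # Assumed: one file per person on the control node, e.g. pubkeys/alice.pub
    pubkey_dir: "{{ playbook_dir }}/pubkeys"
    # Assumed variable: which people may log in to which remote account.
    # The field is called "pubkeys" rather than "keys", because item.keys
    # would resolve to the dict method in Jinja2.
    ssh_access:
      - user: deploy
        pubkeys: [alice, bob]
      - user: backup
        pubkeys: [carol]
  tasks:
    - name: Enforce exactly the listed keys for each remote account
      authorized_key:
        user: "{{ item.user }}"
        state: present
        # exclusive removes every key that is not in "key" below, including
        # the key Ansible itself connects with if it logs in as this account
        # and is not listed.
        exclusive: yes
        # All keys for this account go into ONE newline-separated string.
        # The loop below runs per account, not per key, so each iteration
        # writes a different authorized_keys file with its full key set.
        key: |
          {% for name in item.pubkeys %}
          {{ lookup('file', pubkey_dir ~ '/' ~ name ~ '.pub') }}
          {% endfor %}
      with_items: "{{ ssh_access }}"
```

Running the play with `--check --diff` first shows which keys would be removed from each account before anything is changed.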

Larry Smith

Oct 27, 2015, 10:09:11 AM
to Ansible Project
I am using this method here that I created a few weeks ago and it works really well for me. Maybe it will work well for you too?
