The fact that multiple keys begin with AAAAB3NzaC1yc2EAAAA is because they share the same header - this is OK. The module takes the entire key string into account.
Can you maybe reproduce this in a way that we can look at it? Otherwise it will be impossible to tell what is wrong (other that guessing what it might be). Dick On Thu, 28 May 2020 at 17:02, 'Mario Garcia' via Ansible Project <[email protected]> wrote: > > Hello > > no the key are differents but i think that ansible modules only match the > beginning of the line but not the whole file > > i am not going to list all the public keys here but: > the public key that has to be removed and the ones that are wrongly being > removed have the 'same' beginning:: > > ssh-rsa AAAAB3NzaC1yc2EAAAA... > after this both lines in authorized keys differ > > so does the authorized_key module only looks for the beginning of the line? > > the /path/to/totpubkey.pub is a normal regular ssh-rsa public key file are > standard public file with the publick key and authorized key files are one > key per line.. nothing fancy > > > > On Thursday, May 28, 2020 at 4:07:16 PM UTC+2, Mario Garcia wrote: >> >> Hello >> >> I need to clean up a bit the authorized keys files on our infra >> i created a simple palybook that goes and removed one key from the remote >> authorized_keys files but when I run it in check/diff mode i see it tried to >> remove far too many lines >> >> >> this is the playbook >> >> --- >> - hosts: all >> >> >> tasks; >> >> - name: remove public keys >> >> authorized_key: >> user: toto >> state: absent >> key: "{{ lookup('file', '/path/to/totpubkey.pub') }}" >> >> >> I see absolutely no reason why in some hosts there are several public keys >> that are being removed for the authorized_keys files and since the module >> does not have a backup option is a bit of a problem. >> >> how could I use perhaps lineinfile to do the same? or how detect what is >> causing the module to delete several lines instead on just the one provided? >> >> thank you. >> >> >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/ab796701-f5dd-4619-871b-0dc5c0bb8b24%40googlegroups.com. -- Dick Visser Trust & Identity Service Operations Manager GÉANT -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL8fbwN5qmgGFZAvtFAu_6oHP5%2B%3D2gSt5o2MZ0pdDaFM%3DRiF-Q%40mail.gmail.com.
