I ran some tests: on vagrant I created some ssh files and an authorized_keys with duplicates, and tried to add/remove a line that is not a duplicate.

The result is that if there is a line to be added/removed from the authorized_keys file, the duplicates are also removed. If there are no lines found to be removed, then nothing happens.

Illustration:

authorized_keys file; notice the duplicates in lines 1, 4, 5. Line 4 has a different comment, line 5 has no comment.

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4 [email protected]
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgAOaG6REJxdsfOQmyLhpQ8Q+j0qNyiUuqlYLk6/j5M [email protected]
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMc8GxolEFe89BjWEnT3fHfqnL5eVMt8aw2ZJ54Iu6dX [email protected]
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4 ansible
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4

This is a playbook to add a new line (to remove is the same principle):

---
- hosts: localhost
  gather_facts: false
  vars:
    # public key to add, read from a local file
    keyfile: "{{ lookup('file', 'test_eckey4.pub') }}"
  tasks:
    - name: print keyfile contents
      debug:
        msg: "{{ keyfile }}"

    - name: remove public key
      authorized_key:
        # operate on a local test copy of the authorized_keys file
        path: ./test_authorized_keys
        user: vagrant
        state: present
        key: "{{ keyfile }}"

The output:

PLAY [localhost] ************************************************************

TASK [print keyfile contents] ***********************************************
ok: [localhost] => {
    "msg": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDn1SXhFU1uZbZKUGRDWHoHovewh5BTIoAqcK/uMf8F0 [email protected]"
}

TASK [remove public key] ****************************************************
--- before: ./test_authorized_keys
+++ after: ./test_authorized_keys
@@ -1,5 +1,4 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4 [email protected]
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgAOaG6REJxdsfOQmyLhpQ8Q+j0qNyiUuqlYLk6/j5M [email protected]
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMc8GxolEFe89BjWEnT3fHfqnL5eVMt8aw2ZJ54Iu6dX [email protected]
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4 ansible
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDn1SXhFU1uZbZKUGRDWHoHovewh5BTIoAqcK/uMf8F0 [email protected]
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4

changed: [localhost]

PLAY RECAP ******************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Notice how the lines 1, 4, 5 are removed. The requested ssh key is added, and the last line from the dupes is re-added at the bottom of the file.

This is a neat feature, but the fact that there is no documentation at all causes concern. If I have to remove a key in a 25-line authorized keys file and see that 10 lines are gone while I only requested one, that is, to be honest, baffling.

I think that is what caused concern with the OP; rsa keys are not as easy to read as ed25519.

HTH.

On Thursday, May 28, 2020 at 2:52:08 PM UTC-5, Felix Fontein wrote:
> Hi all,
>
> > On Thu, 28 May 2020 at 19:31, 'Mario Garcia' via Ansible Project
> > <[email protected]> wrote:
> > >
> > > I am working on it to provide you an use case.. but.
> > >
> > > is by any chance the authorizing_file modules sanitizing aka
> > > removing duplicates entries on the remote authorized_key file even
> > > if it was not in the key string passed to be removed
> >
> > No, there is no such sanitizing thing.
>
> I just looked at the code
> (https://github.com/ansible-collections/ansible.posix/blob/master/plugins/modules/authorized_key.py).
>
> It does indeed remove duplicates. It puts all lines of authorized_keys
> into a dictionary, indexed by the actual key:
>
> https://github.com/ansible-collections/ansible.posix/blob/master/plugins/modules/authorized_key.py#L450-L461
>
> The value in the dictionary contains more information so that the file
> can be rebuilt - except that duplicate keys won't survive.
>
> It's probably a good idea to mention that in the module docs. If
> someone wants to create a PR for that (it's a good start to trying PRs
> for collections!), feel free!
>
> Cheers,
> Felix
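The following pre-flight check is an added example, not part of the thread and not the module's own code: it lists which authorized_keys lines share a key blob, so the lines a dictionary-keyed rewrite would drop are known before the task runs. The function names are hypothetical, the sample keys are constructed, and "last duplicate wins" is an assumption that matches the output shown in the post.

```python
import base64
import struct
from collections import defaultdict

def parse_entry(line):
    """Return (options, keytype, blob, comment), or None if the line has no key."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i in range(len(fields) - 1):
        try:
            raw = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # A key blob begins with a length-prefixed copy of its own type name,
        # which tells the key field apart from options and comments.
        if len(raw) > 4:
            (n,) = struct.unpack(">I", raw[:4])
            if raw[4:4 + n] == fields[i].encode():
                return (" ".join(fields[:i]), fields[i], fields[i + 1],
                        " ".join(fields[i + 2:]))
    return None

def find_duplicates(text):
    """Map key blob -> 1-based line numbers, for blobs on more than one line."""
    seen = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry:
            seen[entry[2]].append(lineno)
    return {blob: nums for blob, nums in seen.items() if len(nums) > 1}

def lines_dropped_on_rewrite(text):
    """Assumed model: file rebuilt from a dict keyed by blob, last duplicate wins."""
    return sorted(n for nums in find_duplicates(text).values() for n in nums[:-1])

def constructed_key(fill, comment=""):
    """Syntactically valid ed25519 line built from constructed bytes (not a real key)."""
    name = b"ssh-ed25519"
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return ("ssh-ed25519 " + base64.b64encode(raw).decode() + " " + comment).rstrip()

# Constructed sample shaped like the file in the post: lines 1, 4, 5 share a key.
SAMPLE = "\n".join([constructed_key(1, "alice@example"), constructed_key(2, "bob@example"),
                    constructed_key(3, "carol@example"), constructed_key(1, "ansible"),
                    constructed_key(1)])

if __name__ == "__main__":
    for blob, nums in find_duplicates(SAMPLE).items():
        print(f"{blob[:28]}... on lines {nums}; only line {nums[-1]} would survive")
```

Duplicates are matched on the key blob alone, so entries that differ only in options or comment (for example a restricted `command=` entry and an unrestricted one for the same key) are reported as one group and are worth reviewing by hand before any rewrite.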
