On Thu, 1 Aug 2024 at 19:21, Veera <sveem...@gmail.com> wrote:

>
>
> Yes  ,  We need a RSA format PEM key  which is compatible with the
> application .
>  Whenever a OPENSSH PRIVATE  Key generated with the playbook is used for
> authentication ,  login to the application  is working but its not
> functioning 100% as expected .
> When a RSA format PEM or id_rsa key ( ssh-keygen -t rsa -b 2048) is used
> then login and functioning of the application is working fine.  (vendor
> recommended RSA format SSH key)
>

Add the following parameters to your task:

backend: cryptography
private_key_format: pkcs1

Looking at the docs
<https://docs.ansible.com/ansible/latest/collections/community/crypto/openssh_keypair_module.html>,
this means that your application depends on OpenSSH < 7.8, because only
those versions created PKCS1 private key files (the ones with "BEGIN
RSA...").
See https://superuser.com/questions/1720991/ for an interesting read on
some historical background and rationale.
After reading that you may want to ask questions to your vendor, for
example why their application insists on a legacy, less secure format
(although the latter only applies to encrypted keys, which you don't seem
to be generating).
If it is a key for ssh, then they might also be using specific fields from
the ASN.1 structure. This is possible, but then it's not just an ssh key
anymore.

Dick

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAF8BbLZj2dSZCdqaPh3Q837eaLWZRoMz1AsS46KENZ6-TZD3QQ%40mail.gmail.com.

Reply via email to