Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ansible.posix.authorized_key fails to add ssh-ed448 pub keys #526

Open
hellcry37 opened this issue Jan 18, 2024 · 1 comment
Open

ansible.posix.authorized_key fails to add ssh-ed448 pub keys #526

hellcry37 opened this issue Jan 18, 2024 · 1 comment

Comments

@hellcry37
Copy link

SUMMARY

Every time I tried to add a ssh-ed448 pub key to my servers it failed, everyt other kind of key works including ed25519 but not ed448.
I've tried with file, with text, every way I could find. It fails with error message:
msg: 'invalid key specified: ssh-ed448 AAAACXNzaC1lZDQ0OAAAADmHz1ranDg5alPMO44M5odpWQzpH47xUYQOxztxGo5ZXwA15J6uuQv9ncRvw/u1rjVEM98fBBH+lYA= ciprian'

ISSUE TYPE
  • Bug Report
COMPONENT NAME

authorized_key

ANSIBLE VERSION
ansible [core 2.16.1]
COLLECTION VERSION
/home/ciprian/.ansible/collections/ansible_collections
ansible.posix                 1.5.4

/home/ciprian/.local/lib/python3.11/site-packages/ansible_collections
ansible.posix                 1.5.4
CONFIGURATION
CONFIG_FILE() = /home/ciprian/ansible/home_linux/ansible.cfg
DEFAULT_HOST_LIST(/home/ciprian/ansible/home_linux/ansible.cfg) = ['/home/ciprian/ansible/home_linux/hosts.ini']
DEFAULT_LOAD_CALLBACK_PLUGINS(/home/ciprian/ansible/home_linux/ansible.cfg) = True
DEFAULT_ROLES_PATH(/home/ciprian/ansible/home_linux/ansible.cfg) = ['/home/ciprian/ansible/home_linux/roles']
DEFAULT_STDOUT_CALLBACK(/home/ciprian/ansible/home_linux/ansible.cfg) = yaml
DEFAULT_VAULT_PASSWORD_FILE(/home/ciprian/ansible/home_linux/ansible.cfg) = /home/ciprian/.vault/password_file
HOST_KEY_CHECKING(/home/ciprian/ansible/home_linux/ansible.cfg) = False
OS / ENVIRONMENT

Debian 12, Debian 11 VM

STEPS TO REPRODUCE
- name: Add ciprian-ed448 authorized key
  ansible.posix.authorized_key:
    user: root
    state: present
    key: "ssh-ed448 AAAACXNzaC1lZDQ0OAAAADmHz1ranDg5alPMO44M5odpWQzpH47xUYQOxztxGo5ZXwA15J6uuQv9ncRvw/u1rjVEM98fBBH+lYA= ciprian"
EXPECTED RESULTS

Expected key to be added to authorized_keys like any other key

ACTUAL RESULTS
fatal: [dev-ops]: FAILED! => changed=false
  invocation:
    module_args:
      comment: null
      exclusive: false
      follow: false
      key: ssh-ed448 AAAACXNzaC1lZDQ0OAAAADmHz1ranDg5alPMO44M5odpWQzpH47xUYQOxztxGo5ZXwA15J6uuQv9ncRvw/u1rjVEM98fBBH+lYA= ciprian
      key_options: null
      keyfile: /root/.ssh/authorized_keys
      manage_dir: true
      path: null
      state: present
      user: root
      validate_certs: true
  msg: 'invalid key specified: ssh-ed448 AAAACXNzaC1lZDQ0OAAAADmHz1ranDg5alPMO44M5odpWQzpH47xUYQOxztxGo5ZXwA15J6uuQv9ncRvw/u1rjVEM98fBBH+lYA= ciprian'

@konstruktoid
Copy link

The allowed types are defined at https://github.com/ansible-collections/ansible.posix/blob/main/plugins/modules/authorized_key.py#L400

Can you also verify that ssh-ed448 is a supported type?

~$ ssh -V
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
~$ ssh -Q key | sort -u
ecdsa-sha2-nistp256
[email protected]
ecdsa-sha2-nistp384
[email protected]
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
ssh-dss
[email protected]
ssh-ed25519
[email protected]
ssh-rsa
[email protected]
~$ ssh -V
OpenSSH_9.6p1 Ubuntu-3ubuntu2, OpenSSL 3.0.10 1 Aug 2023
~$ ssh -Q key | sort -u
ecdsa-sha2-nistp256
[email protected]
ecdsa-sha2-nistp384
[email protected]
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
ssh-dss
[email protected]
ssh-ed25519
[email protected]
ssh-rsa
[email protected]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants