Can't create public key from private key created without passphrase.
gtherond opened this issue · 2 comments
SUMMARY
You can't generate a public key from a private key without passphrase.
Trying to do so results in the following message: Wrong passphrase provided for private key
The private key is readable and is usable by ansible, as it's used to perform other successful actions.
The private key DOES NOT have any passphrase, I'm 100% sure of that.
I can totally write something on the destination path as I tested writing a dummy file with data filled in.
ISSUE TYPE
- Bug Report
COMPONENT NAME
plugins/modules/openssl_publickey.py
ANSIBLE VERSION
ansible [core 2.15.4]
  config file = /home/jenkins/workspace/redacted/ansible.cfg
  configured module search path = ['/home/jenkins/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/jenkins/.local/lib/python3.11/site-packages/ansible
  ansible collection location = /home/jenkins/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/jenkins/.local/bin/ansible
  python version = 3.11.5 (main, Aug 26 2023, 11:59:23) [GCC 12.2.1 20220924] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
# /home/jenkins/.local/lib/python3.11/site-packages/ansible_collections
Collection       Version
---------------- -------
community.crypto 2.15.1
CONFIGURATION
CONFIG_FILE() = /home/jenkins/workspace/redacted/ansible.cfg
DEFAULT_ASK_PASS(/home/jenkins/workspace/redacted/ansible.cfg) = False
DEFAULT_GATHERING(/home/jenkins/workspace/redacted/ansible.cfg) = smart
DEFAULT_TRANSPORT(/home/jenkins/workspace/redacted/ansible.cfg) = smart
HOST_KEY_CHECKING(/home/jenkins/workspace/redacted/ansible.cfg) = False
RETRY_FILES_ENABLED(/home/jenkins/workspace/redacted/ansible.cfg) = False
OS / ENVIRONMENT
Ansible Controller running on an Alpine 3.18.3.
Target OS are CentOS Stream 8.
The task is to create a pubkey from the controller private key, so it's delegated to the controller.
STEPS TO REPRODUCE
Just create a task that you delegate to the ansible controller.
- name: "Generate controller public key."
  community.crypto.openssl_publickey:
    privatekey_path: "{{ ssh.host.key.path }}{{ ssh.host.key.name }}"
    path: "{{ ssh.host.key.path }}{{ ssh.host.key.name }}.pub"
    format: OpenSSH
  run_once: true
  delegate_to: localhost
with ssh var object having the following shape:
ssh:
  host:
    key:
      path: "/home/jenkins/.ssh/"
      name: "id_ed25519"
EXPECTED RESULTS
I should end up with a public key calculated from the private key.
ACTUAL RESULTS
fatal: [host234578 -> localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "attributes": null,
            "backup": false,
            "force": false,
            "format": "OpenSSH",
            "group": null,
            "mode": null,
            "owner": null,
            "path": "/home/jenkins/.ssh/id_ed25519.pub",
            "privatekey_content": null,
            "privatekey_passphrase": null,
            "privatekey_path": "/home/jenkins/.ssh/id_ed25519",
            "return_content": false,
            "select_crypto_backend": "auto",
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "state": "present",
            "unsafe_writes": false
        }
    },
    "msg": "Wrong passphrase provided for private key"
}
So do I understand correctly that you have an OpenSSL private key (and not an OpenSSH private key)? Because your example seems to indicate otherwise.
The module's documentation states:
OpenSSH private keys are not supported, use the community.crypto.openssh_keypair module to manage these.
-_- ... I'm really sorry, yes, this is an OpenSSH based key... Didn't read the module documentation correctly. I think it should be emphasized in the doc as I really didn't read it.
Sorry for that false alarm and thanks a lot for the answer!
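
Added example, not part of the original thread and not code from community.crypto: a pre-flight check that tells an OpenSSH private key container from an OpenSSL PEM key and reports whether it is passphrase-protected, so the misleading "Wrong passphrase" error above can be diagnosed before the module runs. The function names and the sample key builder are hypothetical; the sample is a constructed container holding zero bytes, not a real key.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\0"  # magic at the start of the decoded OpenSSH container
TRADITIONAL = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY"}

def _read_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length + bytes); return (value, next_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def classify_private_key(pem_text):
    """Return (container, encrypted) using only the PEM armor and unencrypted headers."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines() if ln.strip()]
    if len(lines) < 2 or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("-----")):
        raise ValueError("no PEM armor found")
    label = lines[0][11:-5]  # text between "-----BEGIN " and the trailing "-----"
    if label == "OPENSSH PRIVATE KEY":
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(OPENSSH_MAGIC):
            raise ValueError("OpenSSH armor without openssh-key-v1 magic")
        cipher, _ = _read_string(body, len(OPENSSH_MAGIC))
        return "openssh", cipher != b"none"  # ciphername "none" means no passphrase
    if label == "PRIVATE KEY":
        return "pkcs8", False
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8", True
    if label in TRADITIONAL:
        return "traditional", any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
    raise ValueError("unrecognised PEM label: " + label)

def openssl_publickey_can_read(container):
    """Per the module documentation quoted in this thread: OpenSSH private keys are not supported."""
    return container != "openssh"

def constructed_openssh_key(cipher=b"none"):
    """Constructed sample: a well-formed openssh-key-v1 container holding zero bytes, not a real key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1) + s(bytes(8)) + s(bytes(16))
    b64 = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 + "\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(classify_private_key(constructed_openssh_key()))
```

A result of `("openssh", False)` for a key file matches the situation in this issue: the key has no passphrase, and the failure comes from the container format rather than from a missing `privatekey_passphrase`.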