Have generate_ssh_key include the username
cubistico opened this issue · 6 comments
Is there any way to have generate_ssh_key include the username after the generated key (like ssh-keygen does)?
Reason for this requirement:
I have servers that can ssh to other servers under another username, and it's very confusing not to be able to see which user the generated ssh key is for.
Yes, see examples in readme
Sorry, I may be dumb or something, but your answer doesn't help me. Perhaps my description was not good, let me try again:
I've set up my users var like this, for example:
- username: testuser
  password:
  update_password: on_create
  comment: Test User
  groups: docker
  shell: /bin/bash
  generate_ssh_key: yes
  user_state: present
  servers:
    - docker_servers
After running the playbook, cat home/testuser/.ssh/id_rsa.pub shows:
ssh-rsa AAAAB3Nza[...]2PehubPc+ahouIX6c= ansible-generated on tycho-station
My question refers to the ansible-generated on tycho-station part. The comment value is obviously not used there. If I generate the key using ssh-keygen however, it gives me something like
ssh-rsa AAAAB3Nza[...]2PehubPc+ahouIX6c= testuser@tycho-station
So it includes the username, which is helpful when I add several public keys to authorized_keys.
Please help me understand what you were proposing to get an entry like this. Thanks!
Ok, now I understand this is just when generating a new ssh key. Yes, it appears Ansible has an option to specify a comment field. I will look into this.
Latest commit adds this feature (release 1.0.8).
Add to your config:
ssh_key_comment: myuser@mypc
I tested, and it works, but I'm afraid it's not what I need, because:
With ssh_key_comment, I can add a comment for that user, but that is going to be the same on all servers.
However, what I need is the username and the servername that this key was generated for in the comment, so I can distinguish them. With the new option, if now I generate keys for user testuser on 10 servers, I get 10 different keys which all have the same comment. That's not helpful.
Also, I actually don't want to specify a comment manually, because all the information I want in the comment is already available:
ssh-rsa AAAAB3N[...]GLxnzvfKz5nWCT5YfK2TtTg7MWcc6FhOem1XOi+kyjQKCbE= <username>@<servername>
or perhaps more similar to the old style
ssh-rsa AAAAB3N[...]GLxnzvfKz5nWCT5YfK2TtTg7MWcc6FhOem1XOi+kyjQKCbE= ansible-generated for <username> on <servername>
Apologies if I didn't express myself clearly enough before!
Thanks
This makes sense. I created a new PR if you can verify #25 does what you would like.
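The problem discussed in this thread can be checked on the receiving side. The following is an added example, not part of the thread or the role's code: a small audit of authorized_keys lines that reports comments shared by several distinct keys and comments that do not name a user. The function names, the comment patterns and the sample lines are assumptions constructed for illustration, and option fields containing quoted spaces are handled only by scanning for the key-type token.

```python
import base64
import re
from collections import defaultdict

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")
# Comment styles asked for in the thread: user@host, or
# "ansible-generated for user on host" (assumed patterns).
NAMES_USER = re.compile(r"^(\S+@\S+|ansible-generated for \S+ on \S+)$")

def sample_blob(n):
    """Constructed placeholder key material (valid base64, not a real key)."""
    return base64.b64encode(f"constructed-key-{n}".encode()).decode()

def parse_entry(line):
    """Return (key_type, blob, comment) for one authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # A leading options field (e.g. no-pty) may precede the key type.
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_TYPES):
            blob = fields[i + 1]
            try:
                base64.b64decode(blob, validate=True)
            except ValueError:
                return None  # malformed key material
            return field, blob, " ".join(fields[i + 2:])
    return None

def audit(lines):
    """Return ({comment: distinct_key_count > 1}, [comments naming no user])."""
    by_comment = defaultdict(set)
    for line in lines:
        entry = parse_entry(line)
        if entry:
            by_comment[entry[2]].add(entry[1])
    ambiguous = {c: len(b) for c, b in by_comment.items() if len(b) > 1}
    no_user = sorted(c for c in by_comment if not NAMES_USER.match(c))
    return ambiguous, no_user

# Constructed sample input mirroring the comment styles quoted in the thread.
SAMPLE = [
    f"ssh-rsa {sample_blob(1)} ansible-generated on tycho-station",
    f"ssh-rsa {sample_blob(2)} myuser@mypc",
    f"ssh-rsa {sample_blob(3)} myuser@mypc",
    f"no-pty ssh-rsa {sample_blob(4)} testuser@tycho-station",
    f"ssh-rsa {sample_blob(5)} ansible-generated for testuser on tycho-station",
    "# constructed comment line",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```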