This repository has been archived by the owner. It is now read-only.

Ansible is unable to configure multiple permitopen authorized_key options #1715

Closed
mulander opened this Issue Jul 11, 2015 · 3 comments


mulander commented Jul 11, 2015

The ansible documentation states that:

 A string of ssh key options to be prepended to the key in the authorized_keys file

source: http://docs.ansible.com/authorized_key_module.html

The ssh documentation states:

permitopen="host:port"
Limit local port forwarding with ssh(1) -L such that it may only connect to the specified host and port. IPv6 addresses can be specified by enclosing the address in square brackets. Multiple permitopen options may be applied separated by commas. No pattern matching is performed on the specified hostnames, they must be literal domains or addresses. A port specification of * matches any port.

With the above in mind I'm testing the following ansible rule:

  authorized_key: user={{ item }}
                  key_options='no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001",permitopen="10.9.8.1:7767",permitopen="10.9.8.1:9900",permitopen="localhost:3001",permitopen="localhost:3002",permitopen="localhost:3003"'
                  key="{{ lookup('file', 'public_keys/' + item + '.pub') }}"
                  path="/home/{{ item }}/.ssh/authorized_keys"
                  manage_dir=no
                  state=present

This results in a key being added but with subsequent permitopen options being overwritten by the last parsed value:

root@build:~# cat /home/mulander/.ssh/authorized_keys 
no-agent-forwarding,no-X11-forwarding,permitopen="localhost:3003",permitopen="localhost:3003",permitopen="localhost:3003",permitopen="localhost:3003",permitopen="localhost:3003",permitopen="localhost:3003",permitopen="localhost:3003" ssh-rsa AAA

Please notice that all hosts and ports were replaced by localhost:3003 which is the last permitopen entry. This overwrites both the host & port. The issue is most probably caused by parsing the values into a dict using the permitopen as the key. The value should be kept as an array in order not to lose configuration.

Tested on ansible 1.7.2

This was initially reported as #11559 on the ansible main repository
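The following is an added example, not part of the report and not the Ansible module's code: it parses the option strings quoted above into ordered (name, value) pairs and reports which requested permitopen targets are absent from the deployed line. `render_lossy` is an assumed model of the symptom (names kept in order, values looked up in a dict keyed by option name); all function names are hypothetical.

```python
import re

# One option: a name, optionally followed by ="quoted value" or =bare-value,
# terminated by a comma or the end of the options field.
_OPTION = re.compile(r'([A-Za-z0-9-]+)(?:=("(?:[^"\\]|\\.)*"|[^,]*))?(?:,|$)')

# Options requested in the playbook from the report.
INTENDED = ('no-agent-forwarding,no-X11-forwarding,'
            'permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001",'
            'permitopen="10.9.8.1:7767",permitopen="10.9.8.1:9900",'
            'permitopen="localhost:3001",permitopen="localhost:3002",'
            'permitopen="localhost:3003"')
# Options field of the authorized_keys line shown in the report (key omitted).
DEPLOYED = ('no-agent-forwarding,no-X11-forwarding,'
            + ','.join(['permitopen="localhost:3003"'] * 7))

def parse_options(opts):
    """Split an options field into ordered (name, value) pairs; repeats are kept."""
    pairs, pos = [], 0
    while pos < len(opts):
        m = _OPTION.match(opts, pos)
        if not m:
            raise ValueError("cannot parse options at offset %d" % pos)
        pairs.append((m.group(1), m.group(2)))  # value is None for bare flags
        pos = m.end()
    return pairs

def _fmt(name, value):
    return name if value is None else "%s=%s" % (name, value)

def render(pairs):
    """Order- and duplicate-preserving rendering (a list, as the report suggests)."""
    return ",".join(_fmt(n, v) for n, v in pairs)

def render_lossy(pairs):
    """Assumed model of the bug: the last value for a name overwrites earlier ones."""
    values = dict(pairs)
    return ",".join(_fmt(n, values[n]) for n, _ in pairs)

def permitopen_targets(opts):
    # sshd treats option names case-insensitively.
    return {v.strip('"') for n, v in parse_options(opts) if n.lower() == "permitopen"}

def missing_targets(intended, deployed):
    """Targets requested but not present in the deployed options field."""
    return sorted(permitopen_targets(intended) - permitopen_targets(deployed))

if __name__ == "__main__":
    print(missing_targets(INTENDED, DEPLOYED))
```

Running `missing_targets` against the options field of each managed `authorized_keys` entry after a play gives a quick check that the forwarding restrictions on disk match what the playbook requested.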

linuxdynasty added a commit to linuxdynasty/ansible-modules-core that referenced this issue Apr 29, 2016

Fixes #1715 Allow authorized_module accept multi.
This will allow the authorized_module to accept options that can be
passed multiple times into ssh options. For instance permitopen.

linuxdynasty commented Apr 29, 2016

@mulander, I added a fix for this module. Please test it out when you have a chance.

jctanner commented May 6, 2016

@linuxdynasty are you going to send that as a pull request?

linuxdynasty commented May 6, 2016

#3573 is the PR @jctanner

jctanner closed this in #3573 Jun 20, 2016

jctanner added a commit that referenced this issue Jun 20, 2016

Fixes #1715 Allow authorized_module accept multi. (#3573)
This will allow the authorized_module to accept options that can be
passed multiple times into ssh options. For instance permitopen.

jensonb added a commit to jensonb/ansible-modules-core that referenced this issue Jun 21, 2016

Fixes #1715 Allow authorized_module accept multi. (#3573)
This will allow the authorized_module to accept options that can be
passed multiple times into ssh options. For instance permitopen.

svenstaro added a commit to svenstaro/ansible-modules-core that referenced this issue Jul 12, 2016

Fixes #1715 Allow authorized_module accept multi. (#3573)
This will allow the authorized_module to accept options that can be
passed multiple times into ssh options. For instance permitopen.