ansible.builtin.authorized_key (v2.9.25) — module
Adds or removes an SSH authorized key
Added in version 0.5 of ansible.builtin
Authors: Ansible Core Team
preview | supported by core
Install with pip install ansible==2.9.25
Adds or removes SSH authorized keys for particular user accounts.
- name: Set authorized key taken from file
  authorized_key:
    user: charlie
    state: present
    key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"

- name: Set authorized keys taken from url
  authorized_key:
    user: charlie
    state: present
    key: https://github.com/charlie.keys

- name: Set authorized key in alternate location
  authorized_key:
    user: charlie
    state: present
    key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
    path: /etc/ssh/authorized_keys/charlie
    manage_dir: False

- name: Set up multiple authorized keys
  authorized_key:
    user: deploy
    state: present
    key: '{{ item }}'
  with_file:
    - public_keys/doe-jane
    - public_keys/doe-john

- name: Set authorized key defining key options
  authorized_key:
    user: charlie
    state: present
    key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
    key_options: 'no-port-forwarding,from="10.0.1.1"'

- name: Set authorized key without validating the TLS/SSL certificates
  authorized_key:
    user: charlie
    state: present
    key: https://github.com/user.keys
    validate_certs: False

- name: Set authorized key, removing all the authorized keys already set
  authorized_key:
    user: root
    key: '{{ item }}'
    state: present
    exclusive: True
  with_file:
    - public_keys/doe-jane

- name: Set authorized key for user ubuntu copying it from current user
  authorized_key:
    user: ubuntu
    state: present
    key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
key:
  description:
    - The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys).
  required: true
  type: str
path:
  description:
    - Alternate path to the authorized_keys file.
    - When unset, this value defaults to I(~/.ssh/authorized_keys).
  type: path
  version_added: '1.2'
  version_added_collection: ansible.builtin
user:
  description:
    - The username on the remote host whose authorized_keys file will be modified.
  required: true
  type: str
state:
  choices:
    - absent
    - present
  default: present
  description:
    - Whether the given key (with the given key_options) should or should not be in the file.
  type: str
follow:
  default: false
  description:
    - Follow path symlink instead of replacing it.
  type: bool
  version_added: '2.7'
  version_added_collection: ansible.builtin
comment:
  description:
    - Change the comment on the public key.
    - Rewriting the comment is useful in cases such as fetching it from GitHub or GitLab.
    - If no comment is specified, the existing comment will be kept.
  type: str
  version_added: '2.4'
  version_added_collection: ansible.builtin
exclusive:
  default: false
  description:
    - Whether to remove all other non-specified keys from the authorized_keys file.
    - Multiple keys can be specified in a single C(key) string value by separating them by newlines.
    - This option is not loop aware, so if you use C(with_), it will be exclusive per iteration of the loop.
    - If you want multiple keys in the file you need to pass them all to C(key) in a single batch as mentioned above.
  type: bool
  version_added: '1.9'
  version_added_collection: ansible.builtin
manage_dir:
  default: true
  description:
    - Whether this module should manage the directory of the authorized key file.
    - If set to C(yes), the module will create the directory, as well as set the owner and permissions of an existing directory.
    - Be sure to set C(manage_dir=no) if you are using an alternate directory for authorized_keys, as set with C(path), since you could lock yourself out of SSH access.
    - See the example below.
  type: bool
  version_added: '1.2'
  version_added_collection: ansible.builtin
key_options:
  description:
    - A string of ssh key options to be prepended to the key in the authorized_keys file.
  version_added: '1.4'
  version_added_collection: ansible.builtin
validate_certs:
  default: true
  description:
    - This only applies if using a https url as the source of the keys.
    - If set to C(no), the SSL certificates will not be validated.
    - This should only be set to C(no) on personally controlled sites using self-signed certificates, as it avoids verifying the source site.
    - Prior to 2.1 the code worked as if this was set to C(yes).
  type: bool
  version_added: '2.1'
  version_added_collection: ansible.builtin
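
The exclusive caveat described above, as an added playbook that is not part of the Ansible documentation: a loop with exclusive rewrites the file on every iteration, while a single newline-separated key value sets the whole list at once. The deploy user and public_keys/ files are reused from the examples on this page; the app_servers host group and the registered variable name ak are assumptions.

```yaml
# Added example; "app_servers" is an assumed inventory group.
- hosts: app_servers
  become: true
  tasks:
    # Weak form, kept for contrast and skipped unless explicitly requested
    # with --tags demo_weak: exclusive is applied per loop iteration, so the
    # second pass removes the key written by the first. Only doe-john remains.
    - name: Loop with exclusive (leaves only the last key)
      authorized_key:
        user: deploy
        state: present
        exclusive: true
        key: "{{ item }}"
      with_file:
        - public_keys/doe-jane
        - public_keys/doe-john
      tags: [never, demo_weak]

    # Corrected form: every key is passed in one batch, one per line, so
    # exclusive removes only keys that are absent from this list.
    - name: Set the complete key list in a single batch
      authorized_key:
        user: deploy
        state: present
        exclusive: true
        key: |
          {{ lookup('file', 'public_keys/doe-jane') }}
          {{ lookup('file', 'public_keys/doe-john') }}
      register: ak  # assumed variable name; ak.keyfile is the module's return value

    # Check: list the fingerprints in the managed file and require exactly two.
    - name: List fingerprints now present in the authorized_keys file
      command: "ssh-keygen -lf {{ ak.keyfile }}"
      register: fingerprints
      changed_when: false

    - name: Fail if the file holds anything other than the two expected keys
      assert:
        that:
          - fingerprints.stdout_lines | length == 2
```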
exclusive:
  description: If the key has been forced to be exclusive or not.
  returned: success
  sample: false
  type: bool
key:
  description: The key that the module was running against.
  returned: success
  sample: https://github.com/user.keys
  type: str
key_option:
  description: Key options related to the key.
  returned: success
  sample: null
  type: str
keyfile:
  description: Path for authorized key file.
  returned: success
  sample: /home/user/.ssh/authorized_keys
  type: str
manage_dir:
  description: Whether this module managed the directory of the authorized key file.
  returned: success
  sample: true
  type: bool
path:
  description: Alternate path to the authorized_keys file
  returned: success
  sample: null
  type: str
state:
  description: Whether the given key (with the given key_options) should or should not be in the file
  returned: success
  sample: present
  type: str
unique:
  description: Whether the key is unique
  returned: success
  sample: false
  type: bool
user:
  description: The username on the remote host whose authorized_keys file will be modified
  returned: success
  sample: user
  type: str
validate_certs:
  description: This only applies if using a https url as the source of the keys. If set to C(no), the SSL certificates will not be validated.
  returned: success
  sample: true
  type: bool