---
module: openssh_keypair
author: "David Kainz (@lolcube)"
version_added: "2.8"
short_description: Generate OpenSSH private and public keys.
description:
    - "This module allows one to (re)generate OpenSSH private and public keys. It uses
      ssh-keygen to generate keys. One can generate C(rsa), C(dsa), C(rsa1), C(ed25519)
      or C(ecdsa) private keys."
requirements:
    - "ssh-keygen"
options:
    state:
        description:
            - Whether the private and public keys should exist or not, taking action if the state is different from what is stated.
        type: str
        default: present
        choices: [ present, absent ]
    size:
        description:
            - "Specifies the number of bits in the private key to create. For RSA keys, the minimum size is 1024 bits and the default is 4096 bits.
              Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
              For ECDSA keys, size determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits.
              Attempting to use bit lengths other than these three values for ECDSA keys will cause this module to fail.
              Ed25519 keys have a fixed length and the size will be ignored."
        type: int
    type:
        description:
            - "The algorithm used to generate the SSH private key. C(rsa1) is for protocol version 1.
              C(rsa1) is deprecated and may not be supported by every version of ssh-keygen."
        type: str
        default: rsa
        choices: ['rsa', 'dsa', 'rsa1', 'ecdsa', 'ed25519']
    force:
        description:
            - Should the key be regenerated even if it already exists
        type: bool
        default: false
    path:
        description:
            - Name of the files containing the public and private key. The file containing the public key will have the extension C(.pub).
        type: path
        required: true
    comment:
        description:
            - Provides a new comment to the public key. When checking if the key is in the correct state this will be ignored.
        type: str
        version_added: "2.9"
extends_documentation_fragment: files

# Generate an OpenSSH keypair with the default values (4096 bits, rsa)
- openssh_keypair:
    path: /tmp/id_ssh_rsa

# Generate an OpenSSH rsa keypair with a different size (2048 bits)
- openssh_keypair:
    path: /tmp/id_ssh_rsa
    size: 2048

# Force regenerate an OpenSSH keypair if it already exists
- openssh_keypair:
    path: /tmp/id_ssh_rsa
    force: True

# Generate an OpenSSH keypair with a different algorithm (dsa)
- openssh_keypair:
    path: /tmp/id_ssh_dsa
    type: dsa

size:
    description: Size (in bits) of the SSH private key
    returned: changed or success
    type: int
    sample: 4096
type:
    description: Algorithm used to generate the SSH private key
    returned: changed or success
    type: str
    sample: rsa
filename:
    description: Path to the generated SSH private key file
    returned: changed or success
    type: str
    sample: /tmp/id_ssh_rsa
fingerprint:
    description: The fingerprint of the key.
    returned: changed or success
    type: str
    sample: SHA256:r4YCZxihVjedH2OlfjVGI6Y5xAYtdCwk8VxKyzVyYfM
public_key:
    description: The public key of the generated SSH private key
    returned: changed or success
    type: str
    sample: ssh-rsa AAAAB3Nza(...omitted...)veL4E3Xcw== test_key
comment:
    description: The comment of the generated key
    returned: changed or success
    type: str
    sample: test@comment