Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authorized_key: user option is not respected/does not work as expected #483

Closed
Tronde opened this issue Jul 22, 2023 · 7 comments · Fixed by #490
Closed

authorized_key: user option is not respected/does not work as expected #483

Tronde opened this issue Jul 22, 2023 · 7 comments · Fixed by #490

Comments

@Tronde
Copy link

Tronde commented Jul 22, 2023

SUMMARY

After a user account was created by using the modules ansible.builtin.group and ansible.builtin.user I would like to use ansible.posix.authorized_key with the user option to configure the authorized_keys file of this new created user. But instead of the users's authorized_keys file the one of root is edited instead.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

authorized_key

ANSIBLE VERSION
ansible [core 2.14.2]
  config file = /home/tronde/ansible/ansible.cfg
  configured module search path = ['/home/tronde/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /usr/share/ansible/collections:/home/tronde/ansible/my_collections:/home/tronde/.ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.2 (main, May 24 2023, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
# /home/tronde/.ansible/collections/ansible_collections
Collection    Version
------------- -------
ansible.posix 1.5.2
CONFIGURATION
COLLECTIONS_PATHS(/home/tronde/ansible/ansible.cfg) = ['/usr/share/ansible/collections', '/home/tronde/ansible/my_collections', '/home/tronde/.ansible/collection>
CONFIG_FILE() = /home/tronde/ansible/ansible.cfg
DEFAULT_HOST_LIST(/home/tronde/ansible/ansible.cfg) = ['/home/tronde/ansible/hosts']
DEFAULT_PRIVATE_KEY_FILE(/home/tronde/ansible/ansible.cfg) = /home/jkastning/.ssh/ansible_id_rsa
DEFAULT_ROLES_PATH(/home/tronde/ansible/ansible.cfg) = ['/home/tronde/ansible', '/home/tronde/ansible/roles', '/usr/share/ansible/roles']
HOST_KEY_CHECKING(/home/tronde/ansible/ansible.cfg) = False
INTERPRETER_PYTHON(/home/tronde/ansible/ansible.cfg) = /usr/bin/python3.9
OS / ENVIRONMENT

Target OS version: Debian GNU/Linux 12 (bookworm) and Red Hat Enterprise Linux 9.2 (Plow)

STEPS TO REPRODUCE

I have the following test node in my Ansible inventory:
test-vm1 ansible_host=192.168.1.226 ansible_user=root ansible_python_interpreter=/usr/bin/python3.11

On this host I would like to create a user and configure the authorized_keys file using the following playbook.

---
- name: Configure user tronde
  hosts: test-vm1
  become: true
  tasks:
    - name: Configure group tronde with GID 2000
      ansible.builtin.group:
        name: tronde
        gid: 2000
        state: present

    - name: Configure user tronde with UID 2000
      ansible.builtin.user:
        name: tronde
        uid: 2000
        create_home: true
        group: tronde
        password: "{{ 'debian4eva' | password_hash('sha512', 'S1AL12T42Z') }}"
        state: present
        update_password: on_create

    - name: Make sure SSH public key is present
      ansible.posix.authorized_key:
        user: tronde
        comment: tronde
        exclusive: false
        key: "{{ lookup('file', '/home/jkastning/.ssh/tronde_ed25519.pub') }}"
        path: ~/.ssh/authorized_keys
        state: present
EXPECTED RESULTS

User tronde should have an authorized_keys file that includes the specified SSH public key.
So the file /home/tronde/.ssh/authorized_keys should be created and configured.

ACTUAL RESULTS

The file /root/.ssh/authorized_keys is edited though "user": "tronde" is set. Ownership and file mode are set in a way that locks out root immediatly.

$ ansible-playbook configure_user_tronde.yml -vvvv
ansible-playbook [core 2.14.2]
  config file = /home/tronde/ansible/ansible.cfg
  configured module search path = ['/home/tronde/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /usr/share/ansible/collections:/home/tronde/ansible/my_collections:/home/tronde/.ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.11.2 (main, May 24 2023, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True
Using /home/tronde/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/tronde/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /home/tronde/ansible/hosts as it did not pass its verify_file() method
Parsed /home/tronde/ansible/hosts inventory source with ini plugin
Loading collection ansible.posix from /home/tronde/.ansible/collections/ansible_collections/ansible/posix
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3.11/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: configure_user_tronde.yml ****************************************************************
Positional arguments: configure_user_tronde.yml
verbosity: 4
private_key_file: /home/tronde/.ssh/ansible_id_rsa
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/home/tronde/ansible/hosts',)
forks: 5
1 plays in configure_user_tronde.yml

PLAY [Configure user tronde] ***********************************************************************
===============
I SKIP TO THE TASK USING authorized_key MODULE
===============
TASK [Make sure SSH public key is present] *********************************************************
task path: /home/tronde/ansible/configure_user_tronde.yml:26
File lookup using /home/tronde/.ssh/jk_ed25519.pub as file
<192.168.1.226> ESTABLISH SSH CONNECTION FOR USER: root
<192.168.1.226> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/tronde/.ssh/ansible_id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/tronde/.ansible/cp/90a1cc505d"' 192.168.1.226 '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<192.168.1.226> (0, b'/root\n', b"OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.1.226 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/tronde/.ssh/known_hosts'\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/tronde/.ssh/known_hosts2'\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 49399\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n")
<192.168.1.226> ESTABLISH SSH CONNECTION FOR USER: root
<192.168.1.226> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/tronde/.ssh/ansible_id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/tronde/.ansible/cp/90a1cc505d"' 192.168.1.226 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1690053864.9402003-49424-266246444550103 `" && echo ansible-tmp-1690053864.9402003-49424-266246444550103="` echo /root/.ansible/tmp/ansible-tmp-1690053864.9402003-49424-266246444550103 `" ) && sleep 0'"'"''
<192.168.1.226> (0, b'ansible-tmp-1690053864.9402003-49424-266246444550103=/root/.ansible/tmp/ansible-tmp-1690053864.9402003-49424-266246444550103\n', b"OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.1.226 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/tronde/.ssh/known_hosts'\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/tronde/.ssh/known_hosts2'\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 49399\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n")
Using module file /home/tronde/.ansible/collections/ansible_collections/ansible/posix/plugins/modules/authorized_key.py
<192.168.1.226> PUT /home/tronde/.ansible/tmp/ansible-local-49389yjdbn2lf/tmpt6a3jbj2 TO /root/.ansible/tmp/ansible-tmp-1690053864.9402003-49424-266246444550103/AnsiballZ_authorized_key.py
<192.168.1.226> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/tronde/.ssh/ansible_id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/tronde/.ansible/cp/90a1cc505d"' '[192.168.1.226]'
<192.168.1.226> (0, b'sftp> put /home/tronde/.ansible/tmp/ansible-local-49389yjdbn2lf/tmpt6a3jbj2 /root/.ansible/tmp/ansible-tmp-1690053864.9402003-49424-266246444550103/AnsiballZ_authorized_key.py\n', b'OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for \'final all\' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched \'final\'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.1.226 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for \'final all\' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched \'final\'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug3: expanded UserKnownHostsFile \'~/.ssh/known_hosts\' -> \'/home/tronde/.ssh/known_hosts\'\r\ndebug3: expanded UserKnownHostsFile \'~/.ssh/known_hosts2\' -> \'/home/tronde/.ssh/known_hosts2\'\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 49399\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension "[email protected]" revision 1\r\ndebug2: Server supports extension "[email protected]" revision 2\r\ndebug2: Server supports extension "[email protected]" revision 2\r\ndebug2: Server supports extension "[email protected]" revision 1\r\ndebug2: Server supports extension "[email protected]" revision 1\r\ndebug2: Server supports extension "[email protected]" revision 1\r\ndebug2: Server supports extension "[email protected]" revision 1\r\ndebug2: Server supports extension "[email protected]" revision 1\r\ndebug2: Unrecognised server extension "copy-data"\r\ndebug2: Unrecognised server extension "home-directory"\r\ndebug2: Unrecognised server extension "[email protected]"\r\ndebug3: Sent message [email protected] I:1\r\ndebug3: Received limits reply T:201 I:1\r\ndebug1: Using server download size 261120\r\ndebug1: Using server upload size 261120\r\ndebug1: Server handle limit 1019; using 64\r\ndebug3: Sent message fd 3 T:16 I:2\r\ndebug3: SSH2_FXP_REALPATH . -> /root\r\ndebug3: Looking up /home/tronde/.ansible/tmp/ansible-local-49389yjdbn2lf/tmpt6a3jbj2\r\ndebug3: Sent message fd 3 T:17 I:3\r\ndebug1: Couldn\'t stat remote file: No such file or directory\r\ndebug3: Sent dest message SSH2_FXP_OPEN I:4 P:/root/.ansible/tmp/ansible-tmp-1690053864.9402003-49424-266246444550103/AnsiballZ_authorized_key.py M:0x001a\r\ndebug3: Sent message SSH2_FXP_WRITE I:6 O:0 S:169065\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: In write loop, ack for 6 169065 bytes at 0\r\ndebug3: Sent message SSH2_FXP_CLOSE I:5\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<192.168.1.226> ESTABLISH SSH CONNECTION FOR USER: root
<192.168.1.226> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/tronde/.ssh/ansible_id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/tronde/.ansible/cp/90a1cc505d"' 192.168.1.226 '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1690053864.9402003-49424-266246444550103/ /root/.ansible/tmp/ansible-tmp-1690053864.9402003-49424-266246444550103/AnsiballZ_authorized_key.py && sleep 0'"'"''
<192.168.1.226> (0, b'', b"OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.1.226 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/tronde/.ssh/known_hosts'\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/tronde/.ssh/known_hosts2'\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 49399\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n")
<192.168.1.226> ESTABLISH SSH CONNECTION FOR USER: root
<192.168.1.226> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/tronde/.ssh/ansible_id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/tronde/.ansible/cp/90a1cc505d"' -tt 192.168.1.226 '/bin/sh -c '"'"'/usr/bin/python3.11 /root/.ansible/tmp/ansible-tmp-1690053864.9402003-49424-266246444550103/AnsiballZ_authorized_key.py && sleep 0'"'"''
<192.168.1.226> (0, b'\r\n{"user": "tronde", "comment": "tronde", "exclusive": false, "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwIaHUWaUCYxSb3Fxjk3SYe0V/jB5Uis+0P0AG6gWcr [email protected]", "path": "/root/.ssh/authorized_keys", "state": "file", "manage_dir": true, "validate_certs": true, "follow": false, "key_options": null, "keyfile": "/root/.ssh/authorized_keys", "changed": true, "uid": 2000, "gid": 2000, "owner": "tronde", "group": "tronde", "mode": "0600", "size": 837, "invocation": {"module_args": {"user": "tronde", "comment": "tronde", "exclusive": false, "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwIaHUWaUCYxSb3Fxjk3SYe0V/jB5Uis+0P0AG6gWcr [email protected]", "path": "/root/.ssh/authorized_keys", "state": "present", "manage_dir": true, "validate_certs": true, "follow": false, "key_options": null, "keyfile": "/root/.ssh/authorized_keys", "changed": true}}}\r\n', b"OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.1.226 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/tronde/.ssh/known_hosts'\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/tronde/.ssh/known_hosts2'\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 49399\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\nShared connection to 192.168.1.226 closed.\r\n")
<192.168.1.226> ESTABLISH SSH CONNECTION FOR USER: root
<192.168.1.226> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/home/tronde/.ssh/ansible_id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o 'ControlPath="/home/tronde/.ansible/cp/90a1cc505d"' 192.168.1.226 '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1690053864.9402003-49424-266246444550103/ > /dev/null 2>&1 && sleep 0'"'"''
<192.168.1.226> (0, b'', b"OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.1.226 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /home/tronde/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.1.226 originally 192.168.1.226\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]\r\ndebug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/tronde/.ssh/known_hosts'\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/tronde/.ssh/known_hosts2'\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 49399\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n")
changed: [test-vm1] => {
    "changed": true,
    "comment": "tronde",
    "exclusive": false,
    "follow": false,
    "gid": 2000,
    "group": "tronde",
    "invocation": {
        "module_args": {
            "changed": true,
            "comment": "tronde",
            "exclusive": false,
            "follow": false,
            "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwIaHUWaUCYxSb3Fxjk3SYe0V/jB5Uis+0P0AG6gWcr [email protected]",
            "key_options": null,
            "keyfile": "/root/.ssh/authorized_keys",
            "manage_dir": true,
            "path": "/root/.ssh/authorized_keys",
            "state": "present",
            "user": "tronde",
            "validate_certs": true
        }
    },
    "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwIaHUWaUCYxSb3Fxjk3SYe0V/jB5Uis+0P0AG6gWcr [email protected]",
    "key_options": null,
    "keyfile": "/root/.ssh/authorized_keys",
    "manage_dir": true,
    "mode": "0600",
    "owner": "tronde",
    "path": "/root/.ssh/authorized_keys",
    "size": 837,
    "state": "file",
    "uid": 2000,
    "user": "tronde",
    "validate_certs": true
}

PLAY RECAP *****************************************************************************************
test-vm1                   : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

As you can see the file /root/.ssh/authorized_keys was edited though "user": "tronde" was set. Ownership and file mode were set in a way that locks out root immediatly.

In case any additional information is necessary to solve this issue, please don't hesitate to reach out.

Best regards,
Tronde
@Tronde
Copy link
Author

Tronde commented Jul 23, 2023

A workaround exists by adding become_user: tronde to the task, but that shouldn't be necessary.


    - name: Make sure SSH public key is present
      ansible.posix.authorized_key:
        user: tronde
        comment: tronde
        exclusive: false
        key: "{{ lookup('file', '/home/jkastning/.ssh/tronde_ed25519.pub') }}"
        path: ~/.ssh/authorized_keys
        state: present
      become_user: tronde

@goneri
Copy link
Member

goneri commented Sep 1, 2023
edited
Loading

The problem comes from the fact you use the root user because of the become: true and the ~/ is expended too early. You can probably just remove the path: ~/.ssh/authorized_keys and let the module use its default value for that key.

I don't think this is something that can easily be changed because it people may rely on the current behaviour and be surprised by a subtle change.

@Tronde
Copy link
Author

Tronde commented Sep 1, 2023

The problem comes from the fact you use the root user because of the become: true and the ~/ is expended too early. You can probably just remove the path: ~/.ssh/authorized_keys and let the module use its default value for that key.

I did what you suggested and removed path: ~/.ssh/authorized_keys from the task to let the module use its default value and it worked as desired. But I don't understand why as the value defaults to ~/.ssh/authorized_keys.

Could you explain to me why it works when using the implicit default value but not when specifying the same value explicit, please?

I would like to understand it.

@atom4git
Copy link
Contributor

atom4git commented Sep 1, 2023

@Tronde @goneri
Let me help you to answer this question
here we use UNIX shortcut named "relative pathname"
**~**/.ssh/authorized_keys
When you perform ansible command in this case you act as root user (so it write your data in the root home directory).
Correct me if I'm wrong.

@Tronde
Copy link
Author

Tronde commented Sep 2, 2023

But docs say that if you don't specify the path parameter a default is used. And this default is ~/.ssh/authorized_keys. The same as I have explicitly specified. Why does this default does not expend to the home directory of user root?

I guess the relevant part in source is in file authorized_key.py lines 318 to 324:

    if path is None:
        homedir = user_entry.pw_dir
        sshdir = os.path.join(homedir, ".ssh")
        keysfile = os.path.join(sshdir, "authorized_keys")
    else:
        sshdir = os.path.dirname(path)
        keysfile = path

So if I don't specify path in my task the homedir is created by user_entry.pw_dir which I don't know what it does. If path is not specified the path seems to be created differently. But I could be totally wrong here.

atom4git added a commit to atom4git/ansible.posix that referenced this issue Sep 2, 2023
@atom4git
Docs: fix unclearence add example with reletive pathes ansible-collec…
d25e632 
…tions#483
@atom4git
Copy link
Contributor

atom4git commented Sep 2, 2023

I think it's unclearance in writing documentation.
It should contain:
~user/.ssh/authorized_keys
instead of:
~/.ssh/authorized_keys
in case we want to add path manually it's better to use:
absolute path
or
define path for specific user ~user/.ssh/authorized_keys

Are you agree with me @Tronde @goneri ?
Here is a created pool request : LINK

@Tronde
Copy link
Author

Tronde commented Sep 2, 2023

LGTM.

@atom4git atom4git mentioned this issue Sep 2, 2023
Merged
atom4git added a commit to atom4git/ansible.posix that referenced this issue Sep 5, 2023
@atom4git
Docs: fix unclearence add example with reletive pathes ansible-collec…
9b59dc1 
…tions#483
atom4git added a commit to atom4git/ansible.posix that referenced this issue Sep 5, 2023
@atom4git
Docs: fix unclearence add example with reletive pathes ansible-collec…
6c7a4bc 
…tions#483
atom4git added a commit to atom4git/ansible.posix that referenced this issue Sep 5, 2023
@atom4git
Docs: fix unclearence add example with reletive pathes ansible-collec…
89ff6d7 
…tions#483
softwarefactory-project-zuul bot added a commit that referenced this issue Apr 2, 2024
@softwarefactory-project-zuul
Merge pull request #490 from atom4git/main
d36a289 
Docs/authorized_key: clarify that the path key should probably NOT be set

SUMMARY

Docs: Fixed unclearance in documentation connected wirh relative path
Added additional description in documentation.

ISSUE TYPE


Docs Pull Request

COMPONENT NAME

authorized_key.py
ADDITIONAL INFORMATION

Clarify the documentation unclearance in connected with relative path ~/.ssh/authorized_keys
The purpose of the pull request is to eliminate ambiguities in the documentation.
In our case, when using the ~ sign, we get the user's root directory (although we explicitly specify a different username)
Here is the issue and full picture of problem which we want to fix: LINK

Closese:  #483

Reviewed-by: Gonéri Le Bouder <[email protected]>
Reviewed-by: atom4git
Reviewed-by: Hideki Saito <[email protected]>
lumiere-bot bot referenced this issue in coolguy1771/home-ops Sep 16, 2024
@lumiere-bot
feat(ansible): update ansible.posix ( 1.5.4 → 1.6.0 ) (#5402)
8abae3e 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[ansible.posix](https://redirect.github.com/ansible-collections/ansible.posix)
| galaxy-collection | minor | `1.5.4` -> `1.6.0` |

---

### Release Notes

<details>
<summary>ansible-collections/ansible.posix (ansible.posix)</summary>

###
[`v1.6.0`](https://redirect.github.com/ansible-collections/ansible.posix/blob/HEAD/CHANGELOG.rst#v160)

[Compare
Source](https://redirect.github.com/ansible-collections/ansible.posix/compare/1.5.4...1.6.0)

\======

## Release Summary

This is the minor release of the `ansible.posix` collection.
This changelog contains all changes to the modules and plugins
in this collection that have been added after the release of
`ansible.posix` 1.5.4.

## Major Changes

- Dropping support for Ansible 2.9, ansible-core 2.15 will be minimum
required version for this release

## Minor Changes

- Add summary_only parameter to profile_roles and profile_tasks
callbacks.
- firewalld - add functionality to set forwarding
([https://github.com/ansible-collections/ansible.posix/pull/548](https://redirect.github.com/ansible-collections/ansible.posix/pull/548)).
- firewalld - added offline flag implementation
([https://github.com/ansible-collections/ansible.posix/pull/484](https://redirect.github.com/ansible-collections/ansible.posix/pull/484))
- firewalld - respawn module to use the system python interpreter when
the `firewall` python module is not available for
`ansible_python_interpreter`
([https://github.com/ansible-collections/ansible.posix/pull/460](https://redirect.github.com/ansible-collections/ansible.posix/pull/460)).
- firewalld_info - Only warn about ignored zones, when there are zones
ignored.
- firewalld_info - respawn module to use the system python interpreter
when the `firewall` python module is not available for
`ansible_python_interpreter`
([https://github.com/ansible-collections/ansible.posix/pull/460](https://redirect.github.com/ansible-collections/ansible.posix/pull/460)).
- mount - add no_log option for opts parameter
([https://github.com/ansible-collections/ansible.posix/pull/563](https://redirect.github.com/ansible-collections/ansible.posix/pull/563)).
- seboolean - respawn module to use the system python interpreter when
the `selinux` python module is not available for
`ansible_python_interpreter`
([https://github.com/ansible-collections/ansible.posix/pull/460](https://redirect.github.com/ansible-collections/ansible.posix/pull/460)).
- selinux - respawn module to use the system python interpreter when the
`selinux` python module is not available for
`ansible_python_interpreter`
([https://github.com/ansible-collections/ansible.posix/pull/460](https://redirect.github.com/ansible-collections/ansible.posix/pull/460)).

## Removed Features (previously deprecated)

- skippy - Remove skippy pluglin as it is no longer
supported([https://github.com/ansible-collections/ansible.posix/issues/350](https://redirect.github.com/ansible-collections/ansible.posix/issues/350)).

## Bugfixes

- Bugfix in the documentation regarding the path option for
authorised_key([https://github.com/ansible-collections/ansible.posix/issues/483](https://redirect.github.com/ansible-collections/ansible.posix/issues/483)).
-   seboolean - make it work with disabled SELinux
- synchronize - maintain proper formatting of the remote paths
([https://github.com/ansible-collections/ansible.posix/pull/361](https://redirect.github.com/ansible-collections/ansible.posix/pull/361)).
- sysctl - fix sysctl to work properly on symlinks
([https://github.com/ansible-collections/ansible.posix/issues/111](https://redirect.github.com/ansible-collections/ansible.posix/issues/111)).

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC43Ny4wIiwidXBkYXRlZEluVmVyIjoiMzguNzcuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvYW5zaWJsZSIsInR5cGUvbWlub3IiXX0=-->

Co-authored-by: lumiere-bot[bot] <98047013+lumiere-bot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Docs/authorized_key: clarify that the path key should probably NOT be set atom4git/ansible.posix
3 participants
@goneri @Tronde @atom4git