Ansible - Create public certificate and private key using the openssh_keypair module


If you are not familiar with modules, check out Ansible - Getting Started with Modules.

The openssh_keypair module is in the community.crypto collection. You may need to install the community.crypto collection. Check out my article Install a collection using the ansible-galaxy collection install command.

openssh_keypair can be used to create a public certificate (such as id_rsa.pub) and private key (such as id_rsa). Or, the openssh_cert module can be used to create a public certificate (such as id_rsa.pub) using an existing private key (such as id_rsa).

  • This is almost always run on localhost (your Ansible server), so the play typically uses - hosts: localhost.
  • This almost always requires gather_facts: false, because the keypair is typically created before you are able to SSH onto the target servers.
---
- hosts: localhost
  gather_facts: false
  vars:
    type: id_rsa
  tasks:
  - name: create the id_rsa private key and id_rsa.pub public certificate
    community.crypto.openssh_keypair:
      path: /home/john.doe/.ssh/{{ type }}
    register: out

  - debug:
      var: out
...

Or using delegate_to.

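---
- hosts: all
  gather_facts: false
  vars:
    type: id_ed25519
  tasks:
  - name: create the id_ed25519 private key and id_ed25519.pub public certificate
    community.crypto.openssh_keypair:
      path: /home/john.doe/.ssh/{{ type }}
      # the key type must be set explicitly, otherwise an RSA key is written to id_ed25519
      type: ed25519
    delegate_to: localhost
    # generate the key once, not once per host in the inventory
    run_once: true
    register: out

  - debug:
      var: out
...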

If the public certificate and private key are successfully created, something like this should be returned.

ok: [localhost] => {
    "out": {
        "changed": true,
        "comment": "",
        "failed": false,
        "filename": "/home/john.doe/.ssh/id_rsa",
        "fingerprint": "SHA256:Hvg2xvushqcCoObByvQQUipO+wqbeUBPz9bpwMNaOSs",
        "public_key": "ssh-rsa ...",
        "size": 4096,
        "type": "rsa"
    }
}

After generating a keypair, you will typically then use authorized_key to append the public certificate to authorized_keys files on target servers.
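
The two steps described above, generating the keypair on localhost and then distributing it with authorized_key, combined into one playbook. This is an added example, not part of the original article; it assumes the ansible.posix collection is installed and that the john.doe account exists on every target server.

```yaml
---
# Added example, not from the original article.
# Assumptions: ansible.posix is installed and john.doe exists on all targets.
- hosts: localhost
  gather_facts: false
  vars:
    key_path: /home/john.doe/.ssh/id_ed25519   # same directory the article uses
  tasks:
  - name: create the id_ed25519 private key and id_ed25519.pub public certificate
    community.crypto.openssh_keypair:
      path: "{{ key_path }}"
      type: ed25519              # without this the module generates an RSA key
      comment: ansible-managed   # constructed label, ends up in authorized_keys
      regenerate: never          # never replace a key that already exists at this path
    register: out

  - name: show only the key type and fingerprint
    debug:
      msg: "{{ out.type }} {{ out.fingerprint }}"

- hosts: all
  gather_facts: false
  tasks:
  - name: append the public certificate to authorized_keys on the target servers
    ansible.posix.authorized_key:
      user: john.doe
      # the result registered on localhost in the first play is read through hostvars
      key: "{{ hostvars['localhost'].out.public_key }}"
      state: present
...
```

With the module's default regenerate setting, an existing key at the same path that does not match the requested type or size is regenerated, which invalidates every authorized_keys entry that referenced the old key.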



