1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Add ssh_config module option for identities_only (#7704)

* Add ssh_config module option for identities_only

* Add changelog fragment for 7704

* remove trailing whitespace

* Apply suggestions from code review

Documentation change suggestions from felixfontein

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Michael Finney <michael.finney@tpwd.texas.gov>
Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
mjfinney 2023-12-17 08:14:24 -06:00 committed by GitHub
parent 5e5e1963c3
commit 6c1eb77f18
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 0 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- ssh_config - new feature to set ``IdentitiesOnly`` option to ``yes`` or ``no`` (https://github.com/ansible-collections/community.general/pull/7704).

View file

@ -72,6 +72,15 @@ options:
when connecting to this host. when connecting to this host.
- File need to exist and have mode V(0600) to be valid. - File need to exist and have mode V(0600) to be valid.
type: path type: path
identities_only:
description:
- Specifies that SSH should only use the configured authentication
identity and certificate files (either the default files, or
those explicitly configured in the C(ssh_config) files or passed on
the ssh command-line), even if ssh-agent or a PKCS11Provider or
SecurityKeyProvider offers more identities.
type: bool
version_added: 8.2.0
user_known_hosts_file: user_known_hosts_file:
description: description:
- Sets the user known hosts file option. - Sets the user known hosts file option.
@ -250,6 +259,7 @@ class SSHConfig(object):
hostname=self.params.get('hostname'), hostname=self.params.get('hostname'),
port=self.params.get('port'), port=self.params.get('port'),
identity_file=self.params.get('identity_file'), identity_file=self.params.get('identity_file'),
identities_only=convert_bool(self.params.get('identities_only')),
user=self.params.get('remote_user'), user=self.params.get('remote_user'),
strict_host_key_checking=self.params.get('strict_host_key_checking'), strict_host_key_checking=self.params.get('strict_host_key_checking'),
user_known_hosts_file=self.params.get('user_known_hosts_file'), user_known_hosts_file=self.params.get('user_known_hosts_file'),
@ -348,6 +358,7 @@ def main():
hostname=dict(type='str'), hostname=dict(type='str'),
host_key_algorithms=dict(type='str', no_log=False), host_key_algorithms=dict(type='str', no_log=False),
identity_file=dict(type='path'), identity_file=dict(type='path'),
identities_only=dict(type='bool'),
port=dict(type='str'), port=dict(type='str'),
proxycommand=dict(type='str', default=None), proxycommand=dict(type='str', default=None),
proxyjump=dict(type='str', default=None), proxyjump=dict(type='str', default=None),

View file

@ -17,6 +17,7 @@
forward_agent: true forward_agent: true
add_keys_to_agent: true add_keys_to_agent: true
host_key_algorithms: "+ssh-rsa" host_key_algorithms: "+ssh-rsa"
identities_only: true
controlmaster: "auto" controlmaster: "auto"
controlpath: "~/.ssh/sockets/%r@%h-%p" controlpath: "~/.ssh/sockets/%r@%h-%p"
controlpersist: yes controlpersist: yes
@ -50,6 +51,7 @@
forward_agent: true forward_agent: true
add_keys_to_agent: true add_keys_to_agent: true
host_key_algorithms: "+ssh-rsa" host_key_algorithms: "+ssh-rsa"
identities_only: true
controlmaster: "auto" controlmaster: "auto"
controlpath: "~/.ssh/sockets/%r@%h-%p" controlpath: "~/.ssh/sockets/%r@%h-%p"
controlpersist: yes controlpersist: yes
@ -72,6 +74,7 @@
forward_agent: true forward_agent: true
add_keys_to_agent: true add_keys_to_agent: true
host_key_algorithms: "+ssh-rsa" host_key_algorithms: "+ssh-rsa"
identities_only: true
controlmaster: "auto" controlmaster: "auto"
controlpath: "~/.ssh/sockets/%r@%h-%p" controlpath: "~/.ssh/sockets/%r@%h-%p"
controlpersist: yes controlpersist: yes
@ -98,6 +101,7 @@
- "'forwardagent yes' in slurp_ssh_config['content'] | b64decode" - "'forwardagent yes' in slurp_ssh_config['content'] | b64decode"
- "'addkeystoagent yes' in slurp_ssh_config['content'] | b64decode" - "'addkeystoagent yes' in slurp_ssh_config['content'] | b64decode"
- "'hostkeyalgorithms +ssh-rsa' in slurp_ssh_config['content'] | b64decode" - "'hostkeyalgorithms +ssh-rsa' in slurp_ssh_config['content'] | b64decode"
- "'identitiesonly yes' in slurp_ssh_config['content'] | b64decode"
- "'controlmaster auto' in slurp_ssh_config['content'] | b64decode" - "'controlmaster auto' in slurp_ssh_config['content'] | b64decode"
- "'controlpath ~/.ssh/sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode" - "'controlpath ~/.ssh/sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
- "'controlpersist yes' in slurp_ssh_config['content'] | b64decode" - "'controlpersist yes' in slurp_ssh_config['content'] | b64decode"
@ -110,6 +114,7 @@
forward_agent: false forward_agent: false
add_keys_to_agent: false add_keys_to_agent: false
host_key_algorithms: "+ssh-ed25519" host_key_algorithms: "+ssh-ed25519"
identities_only: false
controlmaster: no controlmaster: no
controlpath: "~/.ssh/new-sockets/%r@%h-%p" controlpath: "~/.ssh/new-sockets/%r@%h-%p"
controlpersist: "600" controlpersist: "600"
@ -134,6 +139,7 @@
forward_agent: false forward_agent: false
add_keys_to_agent: false add_keys_to_agent: false
host_key_algorithms: "+ssh-ed25519" host_key_algorithms: "+ssh-ed25519"
identities_only: false
controlmaster: no controlmaster: no
controlpath: "~/.ssh/new-sockets/%r@%h-%p" controlpath: "~/.ssh/new-sockets/%r@%h-%p"
controlpersist: "600" controlpersist: "600"
@ -161,6 +167,7 @@
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode" - "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode" - "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode" - "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
- "'identitiesonly no' in slurp_ssh_config['content'] | b64decode"
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode" - "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode" - "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode" - "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
@ -193,6 +200,7 @@
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode" - "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode" - "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode" - "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
- "'identitiesonly no' in slurp_ssh_config['content'] | b64decode"
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode" - "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode" - "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode" - "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
@ -243,6 +251,7 @@
- "'forwardagent no' not in slurp_ssh_config['content'] | b64decode" - "'forwardagent no' not in slurp_ssh_config['content'] | b64decode"
- "'addkeystoagent no' not in slurp_ssh_config['content'] | b64decode" - "'addkeystoagent no' not in slurp_ssh_config['content'] | b64decode"
- "'hostkeyalgorithms +ssh-ed25519' not in slurp_ssh_config['content'] | b64decode" - "'hostkeyalgorithms +ssh-ed25519' not in slurp_ssh_config['content'] | b64decode"
- "'identitiesonly no' not in slurp_ssh_config['content'] | b64decode"
- "'controlmaster auto' not in slurp_ssh_config['content'] | b64decode" - "'controlmaster auto' not in slurp_ssh_config['content'] | b64decode"
- "'controlpath ~/.ssh/sockets/%r@%h-%p' not in slurp_ssh_config['content'] | b64decode" - "'controlpath ~/.ssh/sockets/%r@%h-%p' not in slurp_ssh_config['content'] | b64decode"
- "'controlpersist yes' not in slurp_ssh_config['content'] | b64decode" - "'controlpersist yes' not in slurp_ssh_config['content'] | b64decode"
@ -263,6 +272,7 @@
forward_agent: true forward_agent: true
add_keys_to_agent: true add_keys_to_agent: true
host_key_algorithms: "+ssh-rsa" host_key_algorithms: "+ssh-rsa"
identities_only: true
controlmaster: "auto" controlmaster: "auto"
controlpath: "~/.ssh/sockets/%r@%h-%p" controlpath: "~/.ssh/sockets/%r@%h-%p"
controlpersist: yes controlpersist: yes
@ -296,6 +306,7 @@
forward_agent: true forward_agent: true
add_keys_to_agent: true add_keys_to_agent: true
host_key_algorithms: "+ssh-rsa" host_key_algorithms: "+ssh-rsa"
identities_only: true
controlmaster: "auto" controlmaster: "auto"
controlpath: "~/.ssh/sockets/%r@%h-%p" controlpath: "~/.ssh/sockets/%r@%h-%p"
controlpersist: yes controlpersist: yes
@ -318,6 +329,7 @@
forward_agent: true forward_agent: true
add_keys_to_agent: true add_keys_to_agent: true
host_key_algorithms: "+ssh-rsa" host_key_algorithms: "+ssh-rsa"
identities_only: true
controlmaster: "auto" controlmaster: "auto"
controlpath: "~/.ssh/sockets/%r@%h-%p" controlpath: "~/.ssh/sockets/%r@%h-%p"
controlpersist: yes controlpersist: yes
@ -344,6 +356,7 @@
- "'forwardagent yes' in slurp_ssh_config['content'] | b64decode" - "'forwardagent yes' in slurp_ssh_config['content'] | b64decode"
- "'addkeystoagent yes' in slurp_ssh_config['content'] | b64decode" - "'addkeystoagent yes' in slurp_ssh_config['content'] | b64decode"
- "'hostkeyalgorithms +ssh-rsa' in slurp_ssh_config['content'] | b64decode" - "'hostkeyalgorithms +ssh-rsa' in slurp_ssh_config['content'] | b64decode"
- "'identitiesonly yes' in slurp_ssh_config['content'] | b64decode"
- "'controlmaster auto' in slurp_ssh_config['content'] | b64decode" - "'controlmaster auto' in slurp_ssh_config['content'] | b64decode"
- "'controlpath ~/.ssh/sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode" - "'controlpath ~/.ssh/sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
- "'controlpersist yes' in slurp_ssh_config['content'] | b64decode" - "'controlpersist yes' in slurp_ssh_config['content'] | b64decode"
@ -356,6 +369,7 @@
forward_agent: false forward_agent: false
add_keys_to_agent: false add_keys_to_agent: false
host_key_algorithms: "+ssh-ed25519" host_key_algorithms: "+ssh-ed25519"
identities_only: false
controlmaster: no controlmaster: no
controlpath: "~/.ssh/new-sockets/%r@%h-%p" controlpath: "~/.ssh/new-sockets/%r@%h-%p"
controlpersist: "600" controlpersist: "600"
@ -380,6 +394,7 @@
forward_agent: false forward_agent: false
add_keys_to_agent: false add_keys_to_agent: false
host_key_algorithms: "+ssh-ed25519" host_key_algorithms: "+ssh-ed25519"
identities_only: false
controlmaster: no controlmaster: no
controlpath: "~/.ssh/new-sockets/%r@%h-%p" controlpath: "~/.ssh/new-sockets/%r@%h-%p"
controlpersist: "600" controlpersist: "600"
@ -407,6 +422,7 @@
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode" - "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode" - "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode" - "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
- "'identitiesonly no' in slurp_ssh_config['content'] | b64decode"
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode" - "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode" - "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode" - "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
@ -439,6 +455,7 @@
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode" - "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode" - "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode" - "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
- "'identitiesonly no' in slurp_ssh_config['content'] | b64decode"
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode" - "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode" - "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode" - "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
@ -489,6 +506,7 @@
- "'forwardagent no' not in slurp_ssh_config['content'] | b64decode" - "'forwardagent no' not in slurp_ssh_config['content'] | b64decode"
- "'addkeystoagent no' not in slurp_ssh_config['content'] | b64decode" - "'addkeystoagent no' not in slurp_ssh_config['content'] | b64decode"
- "'hostkeyalgorithms +ssh-ed25519' not in slurp_ssh_config['content'] | b64decode" - "'hostkeyalgorithms +ssh-ed25519' not in slurp_ssh_config['content'] | b64decode"
- "'identitiesonly no' not in slurp_ssh_config['content'] | b64decode"
- "'controlmaster auto' not in slurp_ssh_config['content'] | b64decode" - "'controlmaster auto' not in slurp_ssh_config['content'] | b64decode"
- "'controlpath ~/.ssh/sockets/%r@%h-%p' not in slurp_ssh_config['content'] | b64decode" - "'controlpath ~/.ssh/sockets/%r@%h-%p' not in slurp_ssh_config['content'] | b64decode"
- "'controlpersist yes' not in slurp_ssh_config['content'] | b64decode" - "'controlpersist yes' not in slurp_ssh_config['content'] | b64decode"