Add ssh_config module option for identities_only (#7704)
* Add ssh_config module option for identities_only * Add changelog fragment for 7704 * remove trailing whitespace * Apply suggestions from code review Documentation change suggestions from felixfontein Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Michael Finney <michael.finney@tpwd.texas.gov> Co-authored-by: Felix Fontein <felix@fontein.de>
parent
5e5e1963c3
commit
6c1eb77f18
3 changed files with 31 additions and 0 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- ssh_config - new feature to set ``IdentitiesOnly`` option to ``yes`` or ``no`` (https://github.com/ansible-collections/community.general/pull/7704).
|
|
@ -72,6 +72,15 @@ options:
|
||||||
when connecting to this host.
|
when connecting to this host.
|
||||||
- File need to exist and have mode V(0600) to be valid.
|
- File need to exist and have mode V(0600) to be valid.
|
||||||
type: path
|
type: path
|
||||||
|
identities_only:
|
||||||
|
description:
|
||||||
|
- Specifies that SSH should only use the configured authentication
|
||||||
|
identity and certificate files (either the default files, or
|
||||||
|
those explicitly configured in the C(ssh_config) files or passed on
|
||||||
|
the ssh command-line), even if ssh-agent or a PKCS11Provider or
|
||||||
|
SecurityKeyProvider offers more identities.
|
||||||
|
type: bool
|
||||||
|
version_added: 8.2.0
|
||||||
user_known_hosts_file:
|
user_known_hosts_file:
|
||||||
description:
|
description:
|
||||||
- Sets the user known hosts file option.
|
- Sets the user known hosts file option.
|
||||||
|
@ -250,6 +259,7 @@ class SSHConfig(object):
|
||||||
hostname=self.params.get('hostname'),
|
hostname=self.params.get('hostname'),
|
||||||
port=self.params.get('port'),
|
port=self.params.get('port'),
|
||||||
identity_file=self.params.get('identity_file'),
|
identity_file=self.params.get('identity_file'),
|
||||||
|
identities_only=convert_bool(self.params.get('identities_only')),
|
||||||
user=self.params.get('remote_user'),
|
user=self.params.get('remote_user'),
|
||||||
strict_host_key_checking=self.params.get('strict_host_key_checking'),
|
strict_host_key_checking=self.params.get('strict_host_key_checking'),
|
||||||
user_known_hosts_file=self.params.get('user_known_hosts_file'),
|
user_known_hosts_file=self.params.get('user_known_hosts_file'),
|
||||||
|
@ -348,6 +358,7 @@ def main():
|
||||||
hostname=dict(type='str'),
|
hostname=dict(type='str'),
|
||||||
host_key_algorithms=dict(type='str', no_log=False),
|
host_key_algorithms=dict(type='str', no_log=False),
|
||||||
identity_file=dict(type='path'),
|
identity_file=dict(type='path'),
|
||||||
|
identities_only=dict(type='bool'),
|
||||||
port=dict(type='str'),
|
port=dict(type='str'),
|
||||||
proxycommand=dict(type='str', default=None),
|
proxycommand=dict(type='str', default=None),
|
||||||
proxyjump=dict(type='str', default=None),
|
proxyjump=dict(type='str', default=None),
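Review bot: The new `identities_only` description does not say what an omitted option does, and in `main()` the spec `identities_only=dict(type='bool')` has no default, so `self.params.get('identities_only')` is `None` whenever the user leaves it out and that `None` is handed to `convert_bool()` in the `SSHConfig` hunk. `convert_bool` is defined outside the visible hunks, so it should be confirmed that it passes `None` through instead of turning it into `no`; otherwise every managed host entry would silently gain an explicit `IdentitiesOnly no`. If leaving the setting untouched is the intent, a description line such as `- If not specified, the C(IdentitiesOnly) setting of the host entry is not set by this module.` would make that clear.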
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
forward_agent: true
|
forward_agent: true
|
||||||
add_keys_to_agent: true
|
add_keys_to_agent: true
|
||||||
host_key_algorithms: "+ssh-rsa"
|
host_key_algorithms: "+ssh-rsa"
|
||||||
|
identities_only: true
|
||||||
controlmaster: "auto"
|
controlmaster: "auto"
|
||||||
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
||||||
controlpersist: yes
|
controlpersist: yes
|
||||||
|
@ -50,6 +51,7 @@
|
||||||
forward_agent: true
|
forward_agent: true
|
||||||
add_keys_to_agent: true
|
add_keys_to_agent: true
|
||||||
host_key_algorithms: "+ssh-rsa"
|
host_key_algorithms: "+ssh-rsa"
|
||||||
|
identities_only: true
|
||||||
controlmaster: "auto"
|
controlmaster: "auto"
|
||||||
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
||||||
controlpersist: yes
|
controlpersist: yes
|
||||||
|
@ -72,6 +74,7 @@
|
||||||
forward_agent: true
|
forward_agent: true
|
||||||
add_keys_to_agent: true
|
add_keys_to_agent: true
|
||||||
host_key_algorithms: "+ssh-rsa"
|
host_key_algorithms: "+ssh-rsa"
|
||||||
|
identities_only: true
|
||||||
controlmaster: "auto"
|
controlmaster: "auto"
|
||||||
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
||||||
controlpersist: yes
|
controlpersist: yes
|
||||||
|
@ -98,6 +101,7 @@
|
||||||
- "'forwardagent yes' in slurp_ssh_config['content'] | b64decode"
|
- "'forwardagent yes' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'addkeystoagent yes' in slurp_ssh_config['content'] | b64decode"
|
- "'addkeystoagent yes' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'hostkeyalgorithms +ssh-rsa' in slurp_ssh_config['content'] | b64decode"
|
- "'hostkeyalgorithms +ssh-rsa' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
- "'identitiesonly yes' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlmaster auto' in slurp_ssh_config['content'] | b64decode"
|
- "'controlmaster auto' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpath ~/.ssh/sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpath ~/.ssh/sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpersist yes' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpersist yes' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
@ -110,6 +114,7 @@
|
||||||
forward_agent: false
|
forward_agent: false
|
||||||
add_keys_to_agent: false
|
add_keys_to_agent: false
|
||||||
host_key_algorithms: "+ssh-ed25519"
|
host_key_algorithms: "+ssh-ed25519"
|
||||||
|
identities_only: false
|
||||||
controlmaster: no
|
controlmaster: no
|
||||||
controlpath: "~/.ssh/new-sockets/%r@%h-%p"
|
controlpath: "~/.ssh/new-sockets/%r@%h-%p"
|
||||||
controlpersist: "600"
|
controlpersist: "600"
|
||||||
|
@ -134,6 +139,7 @@
|
||||||
forward_agent: false
|
forward_agent: false
|
||||||
add_keys_to_agent: false
|
add_keys_to_agent: false
|
||||||
host_key_algorithms: "+ssh-ed25519"
|
host_key_algorithms: "+ssh-ed25519"
|
||||||
|
identities_only: false
|
||||||
controlmaster: no
|
controlmaster: no
|
||||||
controlpath: "~/.ssh/new-sockets/%r@%h-%p"
|
controlpath: "~/.ssh/new-sockets/%r@%h-%p"
|
||||||
controlpersist: "600"
|
controlpersist: "600"
|
||||||
|
@ -161,6 +167,7 @@
|
||||||
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
|
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
|
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
|
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
- "'identitiesonly no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
|
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
@ -193,6 +200,7 @@
|
||||||
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
|
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
|
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
|
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
- "'identitiesonly no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
|
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
@ -243,6 +251,7 @@
|
||||||
- "'forwardagent no' not in slurp_ssh_config['content'] | b64decode"
|
- "'forwardagent no' not in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'addkeystoagent no' not in slurp_ssh_config['content'] | b64decode"
|
- "'addkeystoagent no' not in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'hostkeyalgorithms +ssh-ed25519' not in slurp_ssh_config['content'] | b64decode"
|
- "'hostkeyalgorithms +ssh-ed25519' not in slurp_ssh_config['content'] | b64decode"
|
||||||
|
- "'identitiesonly no' not in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlmaster auto' not in slurp_ssh_config['content'] | b64decode"
|
- "'controlmaster auto' not in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpath ~/.ssh/sockets/%r@%h-%p' not in slurp_ssh_config['content'] | b64decode"
|
- "'controlpath ~/.ssh/sockets/%r@%h-%p' not in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpersist yes' not in slurp_ssh_config['content'] | b64decode"
|
- "'controlpersist yes' not in slurp_ssh_config['content'] | b64decode"
|
||||||
|
@ -263,6 +272,7 @@
|
||||||
forward_agent: true
|
forward_agent: true
|
||||||
add_keys_to_agent: true
|
add_keys_to_agent: true
|
||||||
host_key_algorithms: "+ssh-rsa"
|
host_key_algorithms: "+ssh-rsa"
|
||||||
|
identities_only: true
|
||||||
controlmaster: "auto"
|
controlmaster: "auto"
|
||||||
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
||||||
controlpersist: yes
|
controlpersist: yes
|
||||||
|
@ -296,6 +306,7 @@
|
||||||
forward_agent: true
|
forward_agent: true
|
||||||
add_keys_to_agent: true
|
add_keys_to_agent: true
|
||||||
host_key_algorithms: "+ssh-rsa"
|
host_key_algorithms: "+ssh-rsa"
|
||||||
|
identities_only: true
|
||||||
controlmaster: "auto"
|
controlmaster: "auto"
|
||||||
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
||||||
controlpersist: yes
|
controlpersist: yes
|
||||||
|
@ -318,6 +329,7 @@
|
||||||
forward_agent: true
|
forward_agent: true
|
||||||
add_keys_to_agent: true
|
add_keys_to_agent: true
|
||||||
host_key_algorithms: "+ssh-rsa"
|
host_key_algorithms: "+ssh-rsa"
|
||||||
|
identities_only: true
|
||||||
controlmaster: "auto"
|
controlmaster: "auto"
|
||||||
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
controlpath: "~/.ssh/sockets/%r@%h-%p"
|
||||||
controlpersist: yes
|
controlpersist: yes
|
||||||
|
@ -344,6 +356,7 @@
|
||||||
- "'forwardagent yes' in slurp_ssh_config['content'] | b64decode"
|
- "'forwardagent yes' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'addkeystoagent yes' in slurp_ssh_config['content'] | b64decode"
|
- "'addkeystoagent yes' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'hostkeyalgorithms +ssh-rsa' in slurp_ssh_config['content'] | b64decode"
|
- "'hostkeyalgorithms +ssh-rsa' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
- "'identitiesonly yes' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlmaster auto' in slurp_ssh_config['content'] | b64decode"
|
- "'controlmaster auto' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpath ~/.ssh/sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpath ~/.ssh/sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpersist yes' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpersist yes' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
@ -356,6 +369,7 @@
|
||||||
forward_agent: false
|
forward_agent: false
|
||||||
add_keys_to_agent: false
|
add_keys_to_agent: false
|
||||||
host_key_algorithms: "+ssh-ed25519"
|
host_key_algorithms: "+ssh-ed25519"
|
||||||
|
identities_only: false
|
||||||
controlmaster: no
|
controlmaster: no
|
||||||
controlpath: "~/.ssh/new-sockets/%r@%h-%p"
|
controlpath: "~/.ssh/new-sockets/%r@%h-%p"
|
||||||
controlpersist: "600"
|
controlpersist: "600"
|
||||||
|
@ -380,6 +394,7 @@
|
||||||
forward_agent: false
|
forward_agent: false
|
||||||
add_keys_to_agent: false
|
add_keys_to_agent: false
|
||||||
host_key_algorithms: "+ssh-ed25519"
|
host_key_algorithms: "+ssh-ed25519"
|
||||||
|
identities_only: false
|
||||||
controlmaster: no
|
controlmaster: no
|
||||||
controlpath: "~/.ssh/new-sockets/%r@%h-%p"
|
controlpath: "~/.ssh/new-sockets/%r@%h-%p"
|
||||||
controlpersist: "600"
|
controlpersist: "600"
|
||||||
|
@ -407,6 +422,7 @@
|
||||||
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
|
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
|
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
|
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
- "'identitiesonly no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
|
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
@ -439,6 +455,7 @@
|
||||||
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
|
- "'forwardagent no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
|
- "'addkeystoagent no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
|
- "'hostkeyalgorithms +ssh-ed25519' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
- "'identitiesonly no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
|
- "'controlmaster no' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpath ~/.ssh/new-sockets/%r@%h-%p' in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
|
- "'controlpersist 600' in slurp_ssh_config['content'] | b64decode"
|
||||||
|
@ -489,6 +506,7 @@
|
||||||
- "'forwardagent no' not in slurp_ssh_config['content'] | b64decode"
|
- "'forwardagent no' not in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'addkeystoagent no' not in slurp_ssh_config['content'] | b64decode"
|
- "'addkeystoagent no' not in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'hostkeyalgorithms +ssh-ed25519' not in slurp_ssh_config['content'] | b64decode"
|
- "'hostkeyalgorithms +ssh-ed25519' not in slurp_ssh_config['content'] | b64decode"
|
||||||
|
- "'identitiesonly no' not in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlmaster auto' not in slurp_ssh_config['content'] | b64decode"
|
- "'controlmaster auto' not in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpath ~/.ssh/sockets/%r@%h-%p' not in slurp_ssh_config['content'] | b64decode"
|
- "'controlpath ~/.ssh/sockets/%r@%h-%p' not in slurp_ssh_config['content'] | b64decode"
|
||||||
- "'controlpersist yes' not in slurp_ssh_config['content'] | b64decode"
|
- "'controlpersist yes' not in slurp_ssh_config['content'] | b64decode"
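Review bot: Every task touched in this file sets `identities_only` explicitly to `true` or `false`, so nothing covers the option being left out. The `'identitiesonly no' not in …` assertions in the `-243` and `-489` hunks sit next to `not in` checks for all the other options, which suggests they run after the host entry has been removed rather than after an add without the option. A task that creates a host without `identities_only` and asserts `"'identitiesonly' not in slurp_ssh_config['content'] | b64decode"` would pin that an omitted value writes neither `yes` nor `no`. The task bodies start and end outside these hunks, so where exactly to add that case cannot be judged from here.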
|
||||||
|
|