I ran some tests: on Vagrant I created some SSH files and an authorized_keys with duplicates, and tried to add/remove a line that is not a duplicate.

The result is that if there is a line to be added to/removed from the authorized_keys file, the duplicates are also removed. If there are no lines found to be removed, then nothing happens.

Illustration: the authorized_keys file. Notice the duplicates in lines 1, 4, 5; line 4 has a different comment, line 5 has no comment.

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4 vagrant@localhost.localdomain
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgAOaG6REJxdsfOQmyLhpQ8Q+j0qNyiUuqlYLk6/j5M vagrant@localhost.localdomain
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMc8GxolEFe89BjWEnT3fHfqnL5eVMt8aw2ZJ54Iu6dX vagrant@localhost.localdomain
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4 ansible
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4

This is a playbook to add a new line; to remove is the same principle:

---
- hosts: localhost
  gather_facts: false
  vars:
    keyfile: "{{ lookup('file', 'test_eckey4.pub') }}"
  tasks:
    - name: print keyfile contents
      debug:
        msg: "{{ keyfile }}"

    # state: present adds the key; state: absent removes it
    - name: remove public key
      authorized_key:
        path: ./test_authorized_keys
        user: vagrant
        state: present
        key: "{{ keyfile }}"

The output:

PLAY [localhost] ************************************************

TASK [print keyfile contents] ***********************************
ok: [localhost] => {
    "msg": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDn1SXhFU1uZbZKUGRDWHoHovewh5BTIoAqcK/uMf8F0 vagrant@localhost.localdomain"
}

TASK [remove public key] ****************************************
--- before: ./test_authorized_keys
+++ after: ./test_authorized_keys
@@ -1,5 +1,4 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4 vagrant@localhost.localdomain
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgAOaG6REJxdsfOQmyLhpQ8Q+j0qNyiUuqlYLk6/j5M vagrant@localhost.localdomain
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMc8GxolEFe89BjWEnT3fHfqnL5eVMt8aw2ZJ54Iu6dX vagrant@localhost.localdomain
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4 ansible
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDn1SXhFU1uZbZKUGRDWHoHovewh5BTIoAqcK/uMf8F0 vagrant@localhost.localdomain
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwjZJR1W1yJJ7QvfD8ym/tIyl0pLAlNGxjci4lsXjY4

changed: [localhost]

PLAY RECAP ******************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Notice how lines 1, 4, 5 are removed, the requested SSH key is added, and the last line from the dupes is re-added at the bottom of the file.

This is a neat feature, but the fact that there is no documentation at all causes concern. If I have to remove a key in a 25-line authorized_keys and see that 10 lines are gone while I only requested one, that is, to be honest, baffling.

I think that is what caused concern with the OP; RSA keys are not as easy to read as ed25519.

HTH.

On Thursday, May 28, 2020 at 2:52:08 PM UTC-5, Felix Fontein wrote:
>
> Hi all,
>
> > On Thu, 28 May 2020 at 19:31, 'Mario Garcia' via Ansible Project
> > <ansible...@googlegroups.com> wrote:
> > >
> > > I am working on it to provide you an use case.. but.
> > >
> > > is by any chance the authorizing_file modules sanitizing aka
> > > removing duplicates entries on the remote authorized_key file even
> > > if it was not in the key string passed to be removed
> >
> > No, there is no such sanitizing thing.
>
> I just looked at the code
> (https://github.com/ansible-collections/ansible.posix/blob/master/plugins/modules/authorized_key.py).
>
> It does indeed remove duplicates. It puts all lines of authorized_keys
> into a dictionary, indexed by the actual key:
>
> https://github.com/ansible-collections/ansible.posix/blob/master/plugins/modules/authorized_key.py#L450-L461
>
> The value in the dictionary contains more information so that the file
> can be rebuilt - except that duplicate keys won't survive.
>
> It's probably a good idea to mention that in the module docs. If
> someone wants to create a PR for that (it's a good start to trying PRs
> for collections!), feel free!
>
> Cheers,
> Felix
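The dictionary-indexed-by-key behaviour described in this thread, as a simplified model with a pre-flight duplicate check. This is an added example, not the module's code and not part of the original messages: the function names are hypothetical, the sample uses constructed placeholder blobs, and the rank rule in `add_key` is an assumption chosen to reproduce the line order in the posted diff.

```python
from operator import itemgetter

# Constructed sample (placeholder blobs): lines 1, 4 and 5 share one key.
SAMPLE = """\
ssh-ed25519 AAAAKEY1 vagrant@localhost.localdomain
ssh-ed25519 AAAAKEY2 vagrant@localhost.localdomain
ssh-ed25519 AAAAKEY3 vagrant@localhost.localdomain
ssh-ed25519 AAAAKEY1 ansible
ssh-ed25519 AAAAKEY1
"""

def parse_line(line, rank):
    """Return (blob, type, comment, rank); key options are not modelled."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0].startswith("#"):
        return None
    return (parts[1], parts[0], parts[2].strip() if len(parts) == 3 else "", rank)

def parse_keys(text):
    """Index lines by key blob: a later duplicate overwrites an earlier one."""
    keys = {}
    for rank, line in enumerate(text.splitlines()):
        entry = parse_line(line, rank)
        if entry:
            keys[entry[0]] = entry
        elif line.strip():
            keys[line] = (line, None, "", rank)  # comment/unparsed line, kept as-is
    return keys

def duplicates(text):
    """Pre-flight check: repeated key blob -> 1-based line numbers."""
    seen = {}
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_line(line, n)
        if entry:
            seen.setdefault(entry[0], []).append(n)
    return {blob: nums for blob, nums in seen.items() if len(nums) > 1}

def add_key(text, new_line):
    """Model of state=present; returns the file text after the task."""
    keys = parse_keys(text)
    new = parse_line(new_line, 0)
    old = keys.get(new[0])
    if old and old[:3] == new[:3]:
        return text  # no change needed, so the file is not rewritten
    # Assumed ranking: a new key is ranked by the number of unique entries.
    keys[new[0]] = new[:3] + (old[3] if old else len(keys),)
    rows = sorted(keys.values(), key=itemgetter(3))
    return "".join(f"{t} {b} {c}".strip() + "\n" if t else b + "\n" for b, t, c, _ in rows)
```

Running `duplicates()` against a host's authorized_keys before the task shows which lines will collapse into one when the file is rewritten.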