Use cryptography backend for openssh_keypair
With default "auto" backend, opensshbin is first pick, which fails to read a key in case of insecure permissions. This makes task fail in case private key in topic has mode different from 0600, even if different mode specified for the module itself [1]. Along with switching backend we also adding mode key to be supported [1] https://github.com/ansible-collections/community.crypto/issues/564 Change-Id: I9444ef832136783bde1eff5425e4cd369f905a5c
This commit is contained in:
parent
145fd7a1e6
commit
1dbc2985d3
@ -28,6 +28,8 @@
|
||||
size: "{{ kp.size | default(omit) }}"
|
||||
type: "{{ kp.type | default(omit) }}"
|
||||
path: "{{ kp_dir ~ '/' ~ kp['name'] }}"
|
||||
mode: "{{ kp.mode | default(omit) }}"
|
||||
backend: cryptography
|
||||
register: kp_keys
|
||||
|
||||
- name: Generate an OpenSSH user certificate for {{ kp['name'] }}
|
||||
|
Loading…
Reference in New Issue
Block a user