authorized_key - Adds or removes an SSH authorized key

Author:Brad Olson

Synopsis

Adds or removes authorized keys for particular user accounts

Options

parameter required default choices comments
key yes
    The SSH public key, as a string
    key_options no
      A string of ssh key options to be prepended to the key in the authorized_keys file (added in Ansible 1.4)
      manage_dir no yes
      • yes
      • no
      Whether this module should manage the directory of the authorized_keys file. Make sure to set manage_dir=no if you are using an alternate directory for authorized_keys set with path, since you could lock yourself out of SSH access. See the example below. (added in Ansible 1.2)
      path no (homedir)+/.ssh/authorized_keys
        Alternate path to the authorized_keys file (added in Ansible 1.2)
        state no present
        • present
        • absent
        Whether the given key (with the given key_options) should or should not be in the file
        user yes
          The username on the remote host whose authorized_keys file will be modified

          Examples


          # Example using key data from a local file on the management machine
          - authorized_key: user=charlie key="{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
          
          # Using alternate directory locations:
          - authorized_key: user=charlie
                            key="{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
                            path='/etc/ssh/authorized_keys/charlie'
                            manage_dir=no
          
          # Using with_file
          - name: Set up authorized_keys for the deploy user
            authorized_key: user=deploy
                            key="{{ item }}"
            with_file:
              - public_keys/doe-jane
              - public_keys/doe-john
          
          # Using key_options:
          - authorized_key: user=charlie
                            key="{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
                            key_options='no-port-forwarding,host="10.0.1.1"'