Do not hardcode default ssh key size for RSA (#4074)

By default, ssh-keygen will pick a suitable default for ssh keys
for all type of keys. By hardocing the number of bits to the
RSA default, we make life harder for people picking Elliptic
Curve keys, so this commit make ssh-keygen use its own default
unless specificed otherwise by the playbook
pull/18777/head
Michael Scherer 8 years ago committed by Matt Clay
parent b06f3bbb22
commit 3c2110215c

@ -149,7 +149,7 @@ options:
This will B(not) overwrite an existing SSH key. This will B(not) overwrite an existing SSH key.
ssh_key_bits: ssh_key_bits:
required: false required: false
default: 2048 default: default set by ssh-keygen
version_added: "0.9" version_added: "0.9"
description: description:
- Optionally specify number of bits in SSH key to create. - Optionally specify number of bits in SSH key to create.
@ -602,6 +602,7 @@ class User(object):
cmd = [self.module.get_bin_path('ssh-keygen', True)] cmd = [self.module.get_bin_path('ssh-keygen', True)]
cmd.append('-t') cmd.append('-t')
cmd.append(self.ssh_type) cmd.append(self.ssh_type)
if self.ssh_bits > 0:
cmd.append('-b') cmd.append('-b')
cmd.append(self.ssh_bits) cmd.append(self.ssh_bits)
cmd.append('-C') cmd.append('-C')
@ -2025,7 +2026,7 @@ class HPUX(User):
def main(): def main():
ssh_defaults = { ssh_defaults = {
'bits': '2048', 'bits': 0,
'type': 'rsa', 'type': 'rsa',
'passphrase': None, 'passphrase': None,
'comment': 'ansible-generated on %s' % socket.gethostname() 'comment': 'ansible-generated on %s' % socket.gethostname()
@ -2057,7 +2058,7 @@ def main():
append=dict(default='no', type='bool'), append=dict(default='no', type='bool'),
# following are specific to ssh key generation # following are specific to ssh key generation
generate_ssh_key=dict(type='bool'), generate_ssh_key=dict(type='bool'),
ssh_key_bits=dict(default=ssh_defaults['bits'], type='str'), ssh_key_bits=dict(default=ssh_defaults['bits'], type='int'),
ssh_key_type=dict(default=ssh_defaults['type'], type='str'), ssh_key_type=dict(default=ssh_defaults['type'], type='str'),
ssh_key_file=dict(default=None, type='path'), ssh_key_file=dict(default=None, type='path'),
ssh_key_comment=dict(default=ssh_defaults['comment'], type='str'), ssh_key_comment=dict(default=ssh_defaults['comment'], type='str'),

Loading…
Cancel
Save