ssh-key-exists

Example:

# Create an ssh key with empty password for the current user.
- ssh-key-exists:
    path: /home/markus/.ssh/id_rsa

Description

Ensures an ssh key exists for a user.

If the ssh key already exists, the password argument is ignored.

Variables

Name Type Default Description

bits

integer 4096

The number of bits in the key to create.

key_type

string ed25519

The type of key to create.

password

string --

The password to unlock the key (only used if key doesn't exist already).

path

string ~/.ssh/id_

The absolute path to the private ssh key. The key type token (e.g. rsa) will be added.

The path to the public key will be infered (added '.pub').

user

string --

The name of the ssh key owner.

Examples

Example 1

Create an ssh key with empty password for the current user.

Code
- ssh-key-exists:
    path: /home/markus/.ssh/id_rsa
Description

The path needs to be provided as absolute, relative paths won't work (yet).

Example 2

Create an ssh key for the 'admin' user (create user if necessary), use password: 'password123' to encrypt the key.

Code
- ssh-key-exists:
    path: /home/admin/.ssh/id_rsa
    user: admin
    password: password123

Code

doc:
  short_help: Ensures an ssh key exists for a user.
  help: |
    Ensures an ssh key exists for a user.

    If the ssh key already exists, the password argument is ignored.
  examples:
  - title: Create an ssh key with empty password for the current user.
    desc: |
      The path needs to be provided as absolute, relative paths won't work (yet).
    vars:
      path: /home/markus/.ssh/id_rsa
  - title: "Create an ssh key for the 'admin' user (create user if necessary), use\
      \ password: 'password123' to encrypt the key."
    vars:
      path: /home/admin/.ssh/id_rsa
      user: admin
      password: password123

args:
  user:
    doc:
      short_help: The name of the ssh key owner.
    type: string
    required: false
  path:
    doc:
      short_help: The (absolute!) path (without key_type token) to the (private) ssh
        key.
      help: |
        The absolute path to the private ssh key. The key type token (e.g. rsa) will be added.

        The path to the public key will be infered (added '.pub').
    type: string
    default: ~/.ssh/id_
    required: true
  password:
    doc:
      short_help: The password to unlock the key (only used if key doesn't exist already).
    type: string
    required: false
    secret: true
  bits:
    doc:
      short_help: The number of bits in the key to create.
    type: integer
    default: 4096
    cli:
      param_decls:
      - --bits
      - -b
  key_type:
    doc:
      short_help: The type of key to create.
    type: string
    allowed:
    - dsa
    - ecdsa
    - ed25519
    - rsa
    default: ed25519
    cli:
      param_decls:
      - --key-type
      - -t

frecklets:
- parent-folder-exists:
    path: '{{:: path ::}}'
    owner: '{{:: user ::}}'
    mode: '0700'
- frecklet:
    name: shell
    type: ansible-module
    desc:
      short: 'create ssh key (if necessary): {{:: path ::}}{{:: key_type ::}}'
      long: |
        Check if private key file '{{:: path ::}}{{:: key_type ::}}' exists. If it does, do nothing.

        If it does not exist, execute command:

            ssh-keygen -q -t {{:: key_type ::}} -b {{:: bits ::}} -f {{:: path ::}}{{:: key_type ::}} -C "" -N "{%:: if password ::%}<secret password>{%:: endif ::%}"

        This will create 2 files:

          - {{:: path ::}} (private key)
          - {{:: path ::}}.pub (public key)

      references:
        ssh-keygen man page: https://man.openbsd.org/ssh-keygen
        ssh primer: https://frkl.io/blog/ssh-primer/
  task:
    become: '{{:: user | false_if_empty ::}}'
    become_user: '{{:: user ::}}'
  vars:
    free_form: 'ssh-keygen -q -t {{:: key_type ::}} -b {{:: bits ::}} -f {{:: path
      ::}}{{:: key_type ::}} -C "" -N "{{:: password ::}}"'
    creates: '{{:: path ::}}'
frecklecute ssh-key-exists --help

Usage: frecklecute ssh-key-exists [OPTIONS]

  Ensures an ssh key exists for a user.

  If the ssh key already exists, the password argument is ignored.

Options:
  -b, --bits BITS          The number of bits in the key to create.
  -t, --key-type KEY_TYPE  The type of key to create.
  --password PASSWORD      The password to unlock the key (only used if key
                           doesn't exist already).
  --path PATH              The (absolute!) path (without key_type token) to
                           the (private) ssh key.
  --user USER              The name of the ssh key owner.
  --help                   Show this message and exit.
# -*- coding: utf-8 -*-


#
# module path: pycklets.ssh_key_exists.SshKeyExists
#


from dataclasses import dataclass
from pyckles import AutoPycklet
from typing import *    # noqa

@dataclass
class SshKeyExists(AutoPycklet):
    """Ensures an ssh key exists for a user.

     If the ssh key already exists, the password argument is ignored.

       Args:
         bits: The number of bits in the key to create.
         key_type: The type of key to create.
         password: The password to unlock the key (only used if key doesn't exist already).
         path: The (absolute!) path (without key_type token) to the (private) ssh key.
         user: The name of the ssh key owner.

    """

    FRECKLET_ID = "ssh-key-exists"

    bits: int = None
    key_type: str = None
    password: str = None
    path: str = None
    user: str = None


    def __post_init__(self):
        super(SshKeyExists, self).__init__(var_names=["bits", "key_type", "password", "path", "user"])


frecklet_class = SshKeyExists
# -*- coding: utf-8 -*-


#
# module path: pycklets.ssh_key_exists.SshKeyExists
#


from pyckles import AutoPycklet

class SshKeyExists(AutoPycklet):
    """Ensures an ssh key exists for a user.

     If the ssh key already exists, the password argument is ignored.

       Args:
         bits: The number of bits in the key to create.
         key_type: The type of key to create.
         password: The password to unlock the key (only used if key doesn't exist already).
         path: The (absolute!) path (without key_type token) to the (private) ssh key.
         user: The name of the ssh key owner.

    """

    FRECKLET_ID = "ssh-key-exists"

    def __init__(self, bits=4096, key_type="ed25519", password=None, path="~/.ssh/id_", user=None):

        super(SshKeyExists, self).__init__(var_names=["bits", "key_type", "password", "path", "user"])
        self._bits = bits
        self._key_type = key_type
        self._password = password
        self._path = path
        self._user = user

    @property
    def bits(self):
        return self._bits

    @bits.setter
    def bits(self, bits):
        self._bits = bits

    @property
    def key_type(self):
        return self._key_type

    @key_type.setter
    def key_type(self, key_type):
        self._key_type = key_type

    @property
    def password(self):
        return self._password

    @password.setter
    def password(self, password):
        self._password = password

    @property
    def path(self):
        return self._path

    @path.setter
    def path(self, path):
        self._path = path

    @property
    def user(self):
        return self._user

    @user.setter
    def user(self, user):
        self._user = user



frecklet_class = SshKeyExists