Roots Discourse

Provisioning using an SSH config file

Since we share the .pem key (it is stored in our company’s 1Password account) across several computers, I’d like to use an .ssh configuration file.

I therefore created one per server. Here is one:

```
Host domain.org
  HostName domain.org
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/GITHUB/projects/new.domain.org/trellis/ssh_keys/website.pem
  IdentitiesOnly yes
```

Then, in `users.yml`, I added a pointer to the SSH config file.

```yml
users:
  - name: "{{ web_user }}"
    groups:
      - "{{ web_group }}"
    keys:
      - "{{ lookup('file', '~/.ssh/domain.org') }}"

  - name: "{{ admin_user }}"
    groups:
      - sudo
    keys:
      - "{{ lookup('file', '~/.ssh/domain.org') }}"
```

It sort of works: I can provision the server. But then the task `TASK [users : Add SSH keys]` fails:

```
invalid key specified: Host domain.org
```

I assume Ansible mistakenly uses the config file as the public key file? Is there a reasonable way to use SSH config files instead of public keys in `users.yml`?

Yeah, unfortunately you’re correct, and it’s just the public key. That uses Ansible’s `authorized_key` module, which only does that. There’s no built-in way to manage SSH configs, I think…

The only custom solution I found: https://www.trustedsec.com/blog/generating-ssh-config-files-with-ansible/
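To make the answer concrete, here is an added example (mine, not code from the thread, Trellis or Ansible) that checks what a file holds before it is handed to `authorized_key`. The `keys:` list in `users.yml` is fed to that module, which only accepts lines in OpenSSH `authorized_keys` format (`[options] <key-type> <base64 blob> [comment]`); an `ssh_config` stanza like the one above, or a `.pem` private key, fails with `invalid key specified: <first line>`. The helpers below classify a file's contents and validate each line the way the module will, so the mistake surfaces before a provisioning run is half done. All inputs in the `__main__` block and the key material passed to `ed25519_public_line` are constructed for illustration, not real keys; the file names are assumptions.

```python
"""Pre-flight check for the `keys:` entries Trellis hands to Ansible's authorized_key.

Added example, not Trellis or Ansible code. authorized_key accepts only OpenSSH
authorized_keys lines:  [options] <key-type> <base64 blob> [comment]
Anything else (an ssh_config, a .pem private key) fails with
"invalid key specified: <first line>".
"""
import base64
import re
import struct

# Key types accepted here (a subset of what OpenSSH knows; extend as needed).
KEY_TYPES = {
    "ssh-ed25519",
    "ssh-rsa",
    "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com",
    "sk-ecdsa-sha2-nistp256@openssh.com",
}

# An ssh_config starts with Host/Match stanzas; a private key carries a PEM header.
SSH_CONFIG_RE = re.compile(r"^\s*(Host|Match)\s+\S", re.MULTILINE)
PRIVATE_KEY_RE = re.compile(r"-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----")


def parse_authorized_key(line):
    """Parse one authorized_keys line and return (key_type, comment).

    Raises ValueError for what authorized_key rejects: missing fields, an
    unknown type, a blob that is not base64, or a blob whose embedded type
    string disagrees with the declared type (a pasted-together line).
    """
    fields = line.strip().split()
    # Optional leading options field, e.g. no-pty,from="10.0.0.0/8"
    # (options containing quoted spaces are not handled here).
    if len(fields) >= 3 and fields[0] not in KEY_TYPES and fields[1] in KEY_TYPES:
        fields = fields[1:]
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        # Same shape as the module's message, quoting the offending text.
        raise ValueError(f"invalid key specified: {line.strip()[:72]}")
    key_type, blob = fields[0], fields[1]
    comment = " ".join(fields[2:])
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"key blob is not valid base64: {exc}") from exc
    # Wire format: uint32 length-prefixed type string, then key-specific fields.
    if len(raw) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", raw[:4])
    if len(raw) < 4 + n:
        raise ValueError("key blob truncated")
    embedded = raw[4:4 + n].decode("ascii", "replace")
    if embedded != key_type:
        raise ValueError(f"declared type {key_type} but blob contains {embedded}")
    return key_type, comment


def classify_key_source(text):
    """Say what a file holds: 'ssh-config', 'private-key', 'public-key' or 'unknown'."""
    if PRIVATE_KEY_RE.search(text):
        return "private-key"
    if SSH_CONFIG_RE.search(text):
        return "ssh-config"
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    if not lines:
        return "unknown"
    try:
        for l in lines:
            parse_authorized_key(l)
    except ValueError:
        return "unknown"
    return "public-key"


def ed25519_public_line(point, comment=""):
    """Build an authorized_keys line from 32 bytes of Ed25519 public-key material.

    Used here only to construct test input; `point` is whatever 32 bytes the
    caller passes, not a key derived from anything real.
    """
    if len(point) != 32:
        raise ValueError("Ed25519 public key material is 32 bytes")
    key_type = b"ssh-ed25519"
    blob = struct.pack(">I", len(key_type)) + key_type + struct.pack(">I", 32) + point
    line = f"ssh-ed25519 {base64.b64encode(blob).decode('ascii')}"
    return f"{line} {comment}".rstrip()


if __name__ == "__main__":
    # Constructed copy of the thread's ssh_config stanza: what the lookup above read.
    ssh_config = "Host domain.org\n  HostName domain.org\n  IdentityFile ~/ssh_keys/website.pem\n"
    print(classify_key_source(ssh_config))  # ssh-config
    ok = ed25519_public_line(bytes(range(32)), "deploy@example.org")
    print(classify_key_source(ok), parse_authorized_key(ok))  # public-key ('ssh-ed25519', 'deploy@example.org')
```

The client-side stanza (`IdentityFile`, `IdentitiesOnly` and so on) belongs in `~/.ssh/config` and never needs to reach the server; what `users.yml` needs is the public half of `website.pem`, which `ssh-keygen -y -f website.pem` prints. Keep `lookup('file', ...)` pointed at that `.pub` output, never at the `.pem` itself, since anything the lookup reads is rendered into the play and its logs.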