</head>
<body class="wy-body-for-nav">
</ul>
<ul class="current">
<li class="toctree-l1 current"><a class="current reference internal" href="#">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a><ul>
<li class="wy-breadcrumbs-aside">
<h1>community.crypto.openssh_keypair module – Generate OpenSSH private and public keys<a class="headerlink" href="#community-crypto-openssh-keypair-module-generate-openssh-private-and-public-keys" title="Permalink to this heading"></a></h1>
<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/community/crypto">community.crypto collection</a> (version 2.16.0).</p>
<p>You need further requirements to be able to use this module,
see <a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-requirements"><span class="std std-ref">Requirements</span></a> for details.</p>
<p>To use it in a playbook, specify: <code class="code docutils literal notranslate"><span class="pre">community.crypto.openssh_keypair</span></code>.</p>
<li><p>This module allows one to (re)generate OpenSSH private and public keys. It uses ssh-keygen to generate keys. One can generate <code class="ansible-value docutils literal notranslate"><span class="pre">rsa</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dsa</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">rsa1</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">ed25519</span></code> or <code class="ansible-value docutils literal notranslate"><span class="pre">ecdsa</span></code> private keys.</p></li>
<span id="ansible-collections-community-crypto-openssh-keypair-module-requirements"></span><h2><a class="toc-backref" href="#id2" role="doc-backlink">Requirements</a><a class="headerlink" href="#requirements" title="Permalink to this heading"></a></h2>
<h2><a class="toc-backref" href="#id3" role="doc-backlink">Parameters</a><a class="headerlink" href="#parameters" title="Permalink to this heading"></a></h2>
<a class="ansibleOptionLink" href="#parameter-attributes" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: attr</span></p>
<td><div class="ansible-option-cell"><p>The attributes the resulting filesystem object should have.</p>
<p>To get supported flags look at the man page for <em>chattr</em> on the target system.</p>
<p>This string should contain the attributes in the same order as the one displayed by <em>lsattr</em>.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">=</span></code> operator is assumed as default, otherwise <code class="docutils literal notranslate"><span class="pre">+</span></code> or <code class="docutils literal notranslate"><span class="pre">-</span></code> operators need to be included in the string.</p>
<a class="ansibleOptionLink" href="#parameter-backend" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><span class="ansible-option-versionadded">added in community.crypto 1.7.0</span></p>
<td><div class="ansible-option-cell"><p>Selects between the <code class="ansible-value docutils literal notranslate"><span class="pre">cryptography</span></code> library or the OpenSSH binary <code class="ansible-value docutils literal notranslate"><span class="pre">opensshbin</span></code>.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code> will default to <code class="ansible-value docutils literal notranslate"><span class="pre">opensshbin</span></code> unless the OpenSSH binary is not installed or when using <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code>.</p>
<a class="ansibleOptionLink" href="#parameter-comment" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Provides a new comment to the public key.</p>
<a class="ansibleOptionLink" href="#parameter-force" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Whether the key should be regenerated even if it already exists.</p>
<a class="ansibleOptionLink" href="#parameter-group" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Name of the group that should own the filesystem object, as would be fed to <em>chown</em>.</p>
<p>When left unspecified, it uses the current group of the current user unless you are root, in which case it can preserve the previous ownership.</p>
<a class="ansibleOptionLink" href="#parameter-mode" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">any</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The permissions the resulting filesystem object should have.</p>
<p>For those used to <em>/usr/bin/chmod</em> remember that modes are actually octal numbers. You must give Ansible enough information to parse them correctly. For consistent results, quote octal numbers (for example, <code class="docutils literal notranslate"><span class="pre">'644'</span></code> or <code class="docutils literal notranslate"><span class="pre">'1777'</span></code>) so Ansible receives a string and can do its own conversion from string into number. Adding a leading zero (for example, <code class="docutils literal notranslate"><span class="pre">0755</span></code>) works sometimes, but can fail in loops and some other circumstances.</p>
<p>Giving Ansible a number without following either of these rules will end up with a decimal number which will have unexpected results.</p>
<p>As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, <code class="docutils literal notranslate"><span class="pre">u+rwx</span></code> or <code class="docutils literal notranslate"><span class="pre">u=rw,g=r,o=r</span></code>).</p>
<p>If <code class="docutils literal notranslate"><span class="pre">mode</span></code> is not specified and the destination filesystem object <strong>does not</strong> exist, the default <code class="docutils literal notranslate"><span class="pre">umask</span></code> on the system will be used when setting the mode for the newly created filesystem object.</p>
<p>If <code class="docutils literal notranslate"><span class="pre">mode</span></code> is not specified and the destination filesystem object <strong>does</strong> exist, the mode of the existing filesystem object will be used.</p>
<p>Specifying <code class="docutils literal notranslate"><span class="pre">mode</span></code> is the best way to ensure filesystem objects are created with the correct permissions. See CVE-2020-1736 for further details.</p>
<a class="ansibleOptionLink" href="#parameter-owner" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Name of the user that should own the filesystem object, as would be fed to <em>chown</em>.</p>
<p>When left unspecified, it uses the current user unless you are root, in which case it can preserve the previous ownership.</p>
<a class="ansibleOptionLink" href="#parameter-passphrase" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><span class="ansible-option-versionadded">added in community.crypto 1.7.0</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Passphrase used to decrypt an existing private key or encrypt a newly generated private key.</p>
<p>Passphrases are not supported for <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-type"><span class="std std-ref"><span class="pre">type=rsa1</span></span></a></code>.</p>
<p>Can only be used when <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-backend"><span class="std std-ref"><span class="pre">backend=cryptography</span></span></a></code>, or when <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-backend"><span class="std std-ref"><span class="pre">backend=auto</span></span></a></code> and a required <code class="docutils literal notranslate"><span class="pre">cryptography</span></code> version is installed.</p>
<a class="ansibleOptionLink" href="#parameter-path" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">path</span> / <span class="ansible-option-required">required</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Name of the files containing the public and private key. The file containing the public key will have the extension <code class="docutils literal notranslate"><span class="pre">.pub</span></code>.</p>
<a class="ansibleOptionLink" href="#parameter-private_key_format" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><span class="ansible-option-versionadded">added in community.crypto 1.7.0</span></p>
<td><div class="ansible-option-cell"><p>Used when <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-backend"><span class="std std-ref"><span class="pre">backend=cryptography</span></span></a></code> to select a format for the private key at the provided <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-path"><span class="std std-ref"><span class="pre">path</span></span></a></strong></code>.</p>
<p>When set to <code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code> this module will match the key format of the installed OpenSSH version.</p>
<p>Using this option when <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-regenerate"><span class="std std-ref"><span class="pre">regenerate=partial_idempotence</span></span></a></code> or <code class="ansible-option-value docutils literal notranslate"><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-regenerate"><span class="std std-ref"><span class="pre">regenerate=full_idempotence</span></span></a></code> will cause a new keypair to be generated if the private key’s format does not match the value of <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-private-key-format"><span class="std std-ref"><span class="pre">private_key_format</span></span></a></strong></code>. However, this module will not convert existing private keys between formats.</p>
<a class="ansibleOptionLink" href="#parameter-regenerate" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><span class="ansible-option-versionadded">added in community.crypto 1.0.0</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Configures the situations in which the module is allowed to regenerate private keys. The module will always generate a new key if the destination file does not exist.</p>
<p>By default, the key will be regenerated when it does not match the module’s options, except when the key cannot be read or the passphrase does not match. Please note that this <strong>changed</strong> for Ansible 2.10. For Ansible 2.9, the behavior was as if <code class="ansible-value docutils literal notranslate"><span class="pre">full_idempotence</span></code> is specified.</p>
<p>If set to <code class="ansible-value docutils literal notranslate"><span class="pre">never</span></code>, the module will fail if the key cannot be read or the passphrase does not match, and will never regenerate an existing key.</p>
<p>If set to <code class="ansible-value docutils literal notranslate"><span class="pre">fail</span></code>, the module will fail if the key does not correspond to the module’s options.</p>
<p>If set to <code class="ansible-value docutils literal notranslate"><span class="pre">partial_idempotence</span></code>, the key will be regenerated if it does not conform to the module’s options. The key is <strong>not</strong> regenerated if it cannot be read (broken file), the key is protected by an unknown passphrase, or when the key is not protected by a passphrase, but a passphrase is specified.</p>
<p>If set to <code class="ansible-value docutils literal notranslate"><span class="pre">full_idempotence</span></code>, the key will be regenerated if it does not conform to the module’s options. This is also the case if the key cannot be read (broken file), the key is protected by an unknown passphrase, or when the key is not protected by a passphrase, but a passphrase is specified. Make sure you have a <strong>backup</strong> when using this option!</p>
<p>If set to <code class="ansible-value docutils literal notranslate"><span class="pre">always</span></code>, the module will always regenerate the key. This is equivalent to setting <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-force"><span class="std std-ref"><span class="pre">force</span></span></a></strong></code> to <code class="ansible-value docutils literal notranslate"><span class="pre">true</span></code>.</p>
<p>Note that the comment and the permissions can be changed without regeneration. Therefore, even for <code class="ansible-value docutils literal notranslate"><span class="pre">never</span></code>, the task can result in changed.</p>
<a class="ansibleOptionLink" href="#parameter-selevel" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The level part of the SELinux filesystem object context.</p>
<p>This is the MLS/MCS attribute, sometimes known as the <code class="docutils literal notranslate"><span class="pre">range</span></code>.</p>
<p>When set to <code class="docutils literal notranslate"><span class="pre">_default</span></code>, it will use the <code class="docutils literal notranslate"><span class="pre">level</span></code> portion of the policy if available.</p>
<a class="ansibleOptionLink" href="#parameter-serole" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The role part of the SELinux filesystem object context.</p>
<p>When set to <code class="docutils literal notranslate"><span class="pre">_default</span></code>, it will use the <code class="docutils literal notranslate"><span class="pre">role</span></code> portion of the policy if available.</p>
<a class="ansibleOptionLink" href="#parameter-setype" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The type part of the SELinux filesystem object context.</p>
<p>When set to <code class="docutils literal notranslate"><span class="pre">_default</span></code>, it will use the <code class="docutils literal notranslate"><span class="pre">type</span></code> portion of the policy if available.</p>
<a class="ansibleOptionLink" href="#parameter-seuser" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The user part of the SELinux filesystem object context.</p>
<p>By default it uses the <code class="docutils literal notranslate"><span class="pre">system</span></code> policy, where applicable.</p>
<p>When set to <code class="docutils literal notranslate"><span class="pre">_default</span></code>, it will use the <code class="docutils literal notranslate"><span class="pre">user</span></code> portion of the policy if available.</p>
<a class="ansibleOptionLink" href="#parameter-size" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Specifies the number of bits in the private key to create. For RSA keys, the minimum size is 1024 bits and the default is 4096 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys, size determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths other than these three values for ECDSA keys will cause this module to fail. Ed25519 keys have a fixed length and the size will be ignored.</p>
<a class="ansibleOptionLink" href="#parameter-state" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Whether the private and public keys should exist or not, taking action if the state is different from what is stated.</p>
<a class="ansibleOptionLink" href="#parameter-type" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<td><div class="ansible-option-cell"><p>The algorithm used to generate the SSH private key. <code class="ansible-value docutils literal notranslate"><span class="pre">rsa1</span></code> is for protocol version 1. <code class="ansible-value docutils literal notranslate"><span class="pre">rsa1</span></code> is deprecated and may not be supported by every version of ssh-keygen.</p>
<a class="ansibleOptionLink" href="#parameter-unsafe_writes" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Influences when atomic operations are used to prevent data corruption or inconsistent reads from the target filesystem object.</p>
<p>By default this module uses atomic operations to prevent data corruption or inconsistent reads from the target filesystem objects, but sometimes systems are configured or just broken in ways that prevent this. One example is docker mounted filesystem objects, which cannot be updated atomically from inside the container and can only be written in an unsafe manner.</p>
<p>This option allows Ansible to fall back to unsafe methods of updating filesystem objects when atomic operations fail (however, it doesn’t force Ansible to perform unsafe writes).</p>
<p>IMPORTANT! Unsafe writes are subject to race conditions and can lead to data corruption.</p>
<h2><a class="toc-backref" href="#id4" role="doc-backlink">Attributes</a><a class="headerlink" href="#attributes" title="Permalink to this heading"></a></h2>
<td><div class="ansible-option-cell"><p>Can run in <code class="docutils literal notranslate"><span class="pre">check_mode</span></code> and return changed status prediction without modifying target.</p>
<td><div class="ansible-option-cell"><p>Will return details on what has changed (or possibly needs changing in <code class="docutils literal notranslate"><span class="pre">check_mode</span></code>), when in diff mode.</p>
<li><p>If the SSH key is broken or password protected, the module will fail. Set the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-force"><span class="std std-ref"><span class="pre">force</span></span></a></strong></code> option to <code class="ansible-value docutils literal notranslate"><span class="pre">true</span></code> if you want to regenerate the keypair.</p></li>
<li><p>If a custom <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-mode"><span class="std std-ref"><span class="pre">mode</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-group"><span class="std std-ref"><span class="pre">group</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-openssh-keypair-module-parameter-owner"><span class="std std-ref"><span class="pre">owner</span></span></a></strong></code>, or other file attribute is provided, it will be applied to both key files.</p></li>
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH keypair with the default values (4096 bits, rsa)</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH keypair with the default values (4096 bits, rsa) and encrypted private key</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH rsa keypair with a different size (2048 bits)</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Force regenerate an OpenSSH keypair if it already exists</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Generate an OpenSSH keypair with a different algorithm (dsa)</span>
</pre></div></div>
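<p>The following playbook is an added example, not part of the module's own documentation. It combines the <code>regenerate</code>, <code>passphrase</code>, <code>backend</code> and <code>mode</code> options described above so that an existing key is not silently replaced; the key path, the target host and the <code>vault_deploy_key_passphrase</code> variable are assumptions.</p>

```yaml
---
# Added example, not from the community.crypto documentation.
# Hypothetical names: the key path and the vault_deploy_key_passphrase
# variable (assumed to be supplied from Ansible Vault).
# Assumes a suitable version of the cryptography library on the target.
- name: Provision a passphrase-protected SSH key without silently replacing it
  hosts: localhost
  gather_facts: false
  vars:
    deploy_key_path: /etc/deploy/keys/id_ed25519  # hypothetical path
  tasks:
    # Risky variant, shown for contrast only (left commented out):
    #   community.crypto.openssh_keypair:
    #     path: "{{ deploy_key_path }}"
    #     regenerate: full_idempotence  # replaces a key it cannot read or decrypt
    #     mode: 600                     # unquoted: taken as decimal 600, not octal

    - name: Create a private directory for the key files
      ansible.builtin.file:
        path: "{{ deploy_key_path | dirname }}"
        state: directory
        mode: '0700'

    - name: Generate the keypair if absent, fail if an existing key differs
      community.crypto.openssh_keypair:
        path: "{{ deploy_key_path }}"
        type: ed25519            # fixed length, so size is not set
        backend: cryptography    # passphrase needs the cryptography backend
        passphrase: "{{ vault_deploy_key_passphrase }}"
        regenerate: fail         # key not matching these options -> task fails
        mode: '0600'             # quoted octal string; applied to both key files
      register: deploy_key

    - name: Show what was provisioned, using the module's return values
      ansible.builtin.debug:
        msg: "{{ deploy_key.filename }}: {{ deploy_key.type }} {{ deploy_key.fingerprint }}"
```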
<h2><a class="toc-backref" href="#id7" role="doc-backlink">Return Values</a><a class="headerlink" href="#return-values" title="Permalink to this heading"></a></h2>
<p>Common return values are documented <a class="reference external" href="https://docs.ansible.com/ansible/devel/reference_appendices/common_return_values.html#common-return-values" title="(in Ansible vdevel)"><span class="xref std std-ref">here</span></a>; the following are the fields unique to this module:</p>
<a class="ansibleOptionLink" href="#return-comment" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The comment of the generated key.</p>
<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> changed or success</p>
<a class="ansibleOptionLink" href="#return-filename" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Path to the generated SSH private key file.</p>
<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> changed or success</p>
<a class="ansibleOptionLink" href="#return-fingerprint" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The fingerprint of the key.</p>
<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> changed or success</p>
<a class="ansibleOptionLink" href="#return-public_key" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The public key of the generated SSH private key.</p>
<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> changed or success</p>
<a class="ansibleOptionLink" href="#return-size" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Size (in bits) of the SSH private key.</p>
<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> changed or success</p>
<a class="ansibleOptionLink" href="#return-type" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Algorithm used to generate the SSH private key.</p>
<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> changed or success</p>