AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,100 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example" published by Apress, and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible Troubleshooting SSH Connection Issues

By Luca Berton · Published 2024-01-01 · Category: installation

Learn how to resolve SSH authentication errors in Ansible due to unestablished host authenticity for seamless playbook execution.

Error Overview

When running an Ansible playbook, you may encounter the following error message:

This error indicates a failure in SSH connection due to the inability to establish the authenticity of the host. Below, we provide a detailed explanation of the issue and steps to resolve it.

Error Explanation Warning: ansible-pylibssh not installed, falling back to paramiko • This warning means Ansible is using paramiko for SSH connections because pylibssh is not installed. While paramiko is functional, pylibssh is generally more efficient and secure. Fatal Error: The authenticity of host '10.96.192.10' can't be established. • This error occurs when the SSH client cannot verify the host's identity because the host key is not in the known hosts file.

Solutions

Install pylibssh

Installing pylibssh can improve SSH connection efficiency and security:

Automatically Accept Host Keys

You can configure Ansible to automatically accept host keys by setting the ansible_ssh_common_args variable in your playbook or inventory to disable host key checking. Note that this method can expose you to security risks, such as man-in-the-middle attacks.

Add the following configuration to your ansible.cfg file:

Alternatively, set the ANSIBLE_HOST_KEY_CHECKING environment variable to False:

Manually Add the Host Key

A more secure approach is to manually add the host key to the known hosts file. This can be done by SSHing into the host manually:

When prompted, accept the host key. This will add it to your ~/.ssh/known_hosts file.

Using Ansible's Known Hosts Module

Ansible provides a known_hosts module to manage known hosts. You can use this module to ensure the host key is added before making other connections. Here's an example playbook snippet:

Replace "ssh-ed25519 AAAA..." with the actual host key.

Example Playbook with Host Key Checking Disabled

Here's an example of how to disable host key checking in your playbook:

Conclusion

Choose the solution that best fits your security requirements. Disabling host key checking is quick and easy but less secure. Adding the host key manually or using the known_hosts module is more secure but requires additional setup. Balancing security and convenience is crucial when configuring SSH connections in Ansible.

Related ArticlesAnsible Inventory GuideAnsible Environment Variables Guide

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home