Ignore Ansible SSH Host Key Checking - Ansible configuration
How to avoid the SSH Host Key checking at the beginning of every Ansible execution in our laboratory, CI/CD pipeline, or cloud computing provider.


How to Ignore Ansible SSH Host Key Checking?
I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.
SSH Host Key
% ssh [email protected] The authenticity of host ‘demo.example.com (192.168.0.190)’ can’t be established. RSA key fingerprint is SHA256:42JErOjO9fKNNBapEEyhpfTNn+rt8SPNob00uRlmqRs. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])?
A host key is a cryptographic key used for authenticating computers in the SSH protocol. Host keys are normally generated automatically when OpenSSH is first installed or when the computer is first booted. In a production environment is considered a security mechanism to verify our machine has not been altered. However, in a developer laboratory often, we need to destroy our machines often and recreate them. This behavior stops the Ansible execution and requires some manual developer work. We can apply this behavior also in a CI/CD pipeline or cloud computing provider.
Links
The Best Resources For Ansible
Video Course
Printed Book
eBooks
- Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
- Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
- Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
- Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
- Ansible For Containers and Kubernetes By Examples: 20+ Automation Examples To Automate Containers, Kubernetes and OpenShift
- Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
- Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
- Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
- Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
- Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
- Ansible Automation Platform By Example: A step-by-step guide for the most common user scenarios
demo
How to Ignore Ansible SSH Host Key Checking in our Ansible laboratory. I’m going to show how to create a ansible.cfg file to ignore the SSH Host Key Checking at the beginning of the Ansible Playbooks execution.
- ansible.cfg
[defaults]
host_key_checking = False
- ping.yml
---
- name: ping module demo
hosts: all
tasks:
- name: test connection
ansible.builtin.ping:
- inventory
demo.example.com
execution
$ ansible-playbook -i inventory ping.yml
PLAY [ping module demo] *****************************************************************
TASK [Gathering Facts] ******************************************************************
ok: [demo.example.com]
TASK [test connection] ******************************************************************
ok: [demo.example.com]
PLAY RECAP ******************************************************************************
demo.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
idempotency
$ ansible-playbook -i inventory ping.yml
PLAY [ping module demo] *****************************************************************
TASK [Gathering Facts] ******************************************************************
ok: [demo.example.com]
TASK [test connection] ******************************************************************
ok: [demo.example.com]
PLAY RECAP ******************************************************************************
demo.example.com : ok=2 changed=0 unreachable=0 failed=0
before execution
$ ansible-playbook -i inventory ping.yml
PLAY [ping module demo] *****************************************************************
TASK [Gathering Facts] ******************************************************************
The authenticity of host 'demo.example.com (192.168.0.190)' can't be established.
RSA key fingerprint is SHA256:42JErOjO9fKNNBapEEyhpfTNn+rt8SPNob00uRlmqRs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
after execution
$ ansible-playbook -i inventory ping.yml
PLAY [ping module demo] *****************************************************************
TASK [Gathering Facts] ******************************************************************
ok: [demo.example.com]
TASK [test connection] ******************************************************************
ok: [demo.example.com]
PLAY RECAP ******************************************************************************
demo.example.com : ok=2 changed=0 unreachable=0 failed=0
Recap
Now you know how to ignore SSH Host Key checking with Ansible. You know how to use it based on your use case.
Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.Academy
Learn the Ansible automation technology with some real-life examples in my
My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate