ansible ssh prompt known_hosts issue

甜味超标 2020-12-23 16:25

I'm running an Ansible playbook and it works fine on one machine.

On a new machine when I try for the first time, I get the following error.

17:04:34          


        
7 answers
  •  慢半拍i (original poster)
    2020-12-23 17:06

    Disabling host key checking entirely is a bad idea from a security perspective, since it opens you up to man-in-the-middle attacks.

    If you can assume the current network isn't compromised (that is, when you ssh to the machine for the first time and are presented a key, that key is in fact of the machine and not an attacker's), then you can use ssh-keyscan and the shell module to add the new servers' keys to your known hosts file (edit: Stepan's answer does this a better way):

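    - name: accept new ssh fingerprints
      # -H stores hashed host names; every run appends whatever key the scan returns
      shell: ssh-keyscan -H {{ item.public_ip }} >> ~/.ssh/known_hosts
      # Bare variable names in with_items are no longer accepted; use a template
      with_items: "{{ ec2.instances }}"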
    

    (Demonstrated here as you would find after ec2 provisioning.)
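An added example, not part of the answer above or of Ansible itself: one way to remove the "assume the network isn't compromised" condition is to compare each scanned key against a fingerprint obtained out of band before it reaches known_hosts, and to skip keys that are already present. The function names, the address 203.0.113.10 and the key blobs are constructed for illustration, and the pinned fingerprints are assumed to come from a trusted source such as the instance's console output.

```python
import base64
import hashlib
from pathlib import Path

# Constructed sample data: placeholder blobs, not real SSH host keys.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
SCAN = f"# 203.0.113.10:22 SSH-2.0-OpenSSH\n203.0.113.10 ssh-ed25519 {KEY_A}\n"


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint as `ssh-keygen -l` prints it (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def add_verified_keys(scan_output: str, pinned: dict, known_hosts: Path) -> list:
    """Append scanned keys to known_hosts only when they match a pinned fingerprint.

    scan_output: plain `ssh-keyscan` output (no -H), "host keytype base64key" lines.
    pinned: {host: {trusted fingerprints}}, obtained out of band (assumption).
    Returns the lines added; raises ValueError, writing nothing, on any mismatch.
    """
    existing = set(known_hosts.read_text().splitlines()) if known_hosts.exists() else set()
    added = []
    for line in scan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blank and comment lines
            continue
        host, keytype, key_b64 = line.split()[:3]
        seen = fingerprint(key_b64)
        if seen not in pinned.get(host, set()):
            raise ValueError(f"unverified {keytype} key for {host}: {seen}")
        if line not in existing:  # idempotent: repeated runs add no duplicates
            added.append(line)
            existing.add(line)
    if added:
        with known_hosts.open("a") as fh:
            fh.write("\n".join(added) + "\n")
    return added


if __name__ == "__main__":
    import tempfile
    target = Path(tempfile.mkdtemp()) / "known_hosts"
    pins = {"203.0.113.10": {fingerprint(KEY_A)}}  # real pins come from out of band
    print(add_verified_keys(SCAN, pins, target))  # first run adds the key
    print(add_verified_keys(SCAN, pins, target))  # second run adds nothing
```

Because the file is written only after every scanned key has matched a pin, a single unexpected key leaves known_hosts untouched.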
