Re: [ansible-project] Anyone can explain "false" below

Wed, 29 Dec 2021 12:32:14 -0800 

On Wed, Dec 29, 2021 at 11:24 AM Jack Morgan <[email protected]> wrote:
>
> "Set this to “False” if you want to avoid host key checking by the underlying 
> tools Ansible uses to connect to the host" per the link below. Most commonly 
> used for SSH connections.
>
> https://docs.ansible.com/ansible/latest/reference_appendices/config.html

Host key checking is a big problem in many environments where a
disting OS image with distinct SSH keys may wind up assigned a
previously used IP address.

It can be turned for the Ansible server by editing ~/.ssh/config for
the account running ansible on that host, with:

     Host *
         UserKnownHostsFile /dev/null
         StrictHostKeyChecking no
         LogLevel ERROR

I've been suggesting this for complex environments since.... the
1990's, where the "hosts have stable DNS and stable individual keys"
has never been reliable. There have been demands in various
environments to publish or sign host keys, but the bootstrap to get
those keys under management needs a tool like ansible running *first*,
or it becomes a nasty bootstrap operation.





> On 12/29/21 08:10, davidy wrote:
>
> Hi Anyone can explain "false" below. Thank you
>
>
> sudo nano ansible.cfg
> [defaults]
> inventory =  ./hosts
> host_key checking = false
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/79c9d49b-e09e-475b-8e10-b1ca37ab0541n%40googlegroups.com.
>
> --
> Jack Morgan
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/d9ac2972-1b8c-6e0e-a728-12d6b0fe7844%40jento.io.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAOCN9rwx6%2Bd5TjkA5yVO3nbYhpbcv5q5whjO%3D9_vjJRgG9bahg%40mail.gmail.com.

Reply via email to