Sounds legit and works. But isn't "StrictHostKeyChecking=no" dangerous? (To 
not start a religious war here :))

Nico Kadel-Garcia wrote on Friday, March 24, 2023 at 23:44:06 UTC+1:

> On Fri, Mar 24, 2023 at 8:37 AM 'Neil Young' via Ansible Project
> <ansible...@googlegroups.com> wrote:
> >
> > OK, maybe a solution (workaround?)
> >
> > I got another error message later, which clarified the failing command:
> >
> > FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote g...@github.com:xxxxxxxxxxx.git -h refs/heads/HEAD", "
> >
> > So I ssh'ed to the machine and issued exactly this command:
> >
> > The response led me to an offending, but not obvious "known_host" entry
> > (which obviously described "github.com"), maybe left by "ssh-agent" (hmm,
> > didn't know that. Shouldn't be left there I guess).
> >
> > Warning: the ECDSA host key for 'github.com' differs from the key for the IP address '140.82.121.3'
> >
> > Offending key for IP in /home/ubuntu/.ssh/known_hosts:2
>
> And *this* is why relying on known_hosts has caused more failures of
> working software than prevention of faked host access since SSH was
> originally written.
>
> The typical entry to disable it in ~/.ssh/config is:
>
> Host *
> UserKnownHostsFile /dev/null
> StrictHostKeyChecking no
> LogLevel error
>
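
Added example, not part of the thread or of any project's code: a small auditor that flags the scopes in an ssh_config where host key verification is switched off, as the quoted `Host *` block does. The function name, the `(global)` scope label and the sample config are constructed for illustration.

```python
import re

# Values that switch off host key verification, per ssh_config(5).
WEAK = {
    "stricthostkeychecking": {"no", "off"},
    "userknownhostsfile": {"/dev/null"},
}
# "Keyword value" or "Keyword=value"; keywords are case-insensitive.
OPTION = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def audit_ssh_config(text):
    """Return (line_no, scope, keyword, value) for every weak setting found."""
    findings = []
    scope = "(global)"  # options before the first Host/Match apply everywhere
    for line_no, raw in enumerate(text.splitlines(), start=1):
        m = OPTION.match(raw.strip())
        if not m:  # blank lines and comments do not match
            continue
        keyword, value = m.group(1), m.group(2).strip()
        key = keyword.lower()
        if key in ("host", "match"):
            scope = value
            continue
        tokens = [t.strip('"') for t in value.split()]
        if key == "stricthostkeychecking":
            tokens = [t.lower() for t in tokens]
        # UserKnownHostsFile may list several files: weak only if all are weak.
        if key in WEAK and tokens and all(t in WEAK[key] for t in tokens):
            findings.append((line_no, scope, keyword, value))
    return findings

# Constructed sample: one host with checking on, then the block from the thread.
SAMPLE = """\
# constructed sample config
Host github.com
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts

Host *
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
    LogLevel error
"""

if __name__ == "__main__":
    for line_no, scope, keyword, value in audit_ssh_config(SAMPLE):
        print(f"line {line_no}: Host {scope}: {keyword} {value}")
```
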
