
Ansible Disable SSH Host Key Check

The very first time you add a new remote server to be managed through Ansible automation, you need to accept its SSH host key manually. By default, Ansible won't run any module task on the remote server until this key has been accepted.

The question is how to disable this check so that execution is smoother for newly added remote servers.


So let's understand the challenge we are talking about and how to solve it.


In this example I have added a new remote node, node2.tecgeek.info, to my inventory host group dbserver. After copying the public SSH key from Ansible Tower to the remote server node2.tecgeek.info, when I test connectivity to the newly added server using the ping module, it asks me to accept the authenticity of the host key, as follows.

[root@siddhesh ~]# ansible dbserver -m ping
The authenticity of host 'node2.tecgeek.info (192.168.51.75)' can't be established.
ECDSA key fingerprint is 78:10:0d:df:74:f5:45:24:2e:4a:02:1c:76:98:1d:75.
Are you sure you want to continue connecting (yes/no)?

In practice it is not possible to accept the authenticity of each remote server by hand every time when you keep adding new servers to your inventory file.

There are two ways to disable this check, as follows.

1. Set a bash environment variable as follows.

[root@siddhesh ~]# export ANSIBLE_HOST_KEY_CHECKING=FALSE
[root@siddhesh ~]#

This disables Ansible host key checking, but it applies only for as long as the same bash session is running. If you restart your console or server, the setting is reset to its default, i.e. ANSIBLE_HOST_KEY_CHECKING=TRUE.


2. Set this in the Ansible configuration file, i.e. /etc/ansible/ansible.cfg. In the [defaults] section of the configuration you can set host_key_checking to False.

[root@siddhesh ~]# grep host_key_checking /etc/ansible/ansible.cfg
host_key_checking = False
[root@siddhesh ~]#

This setting is persistent and can be used to permanently disable the host key check. Let's test this now and see if it really works.

[root@siddhesh ~]# ansible dbserver -m ping
node2.tecgeek.info | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[root@siddhesh ~]#

As you can see, we got a successful response back from the remote server without accepting the host key.
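
With the check disabled, Ansible connects to hosts whose keys nobody has verified, so it helps to know exactly where it has been switched off. The script below is an added example, not part of the original article; it reports both settings described above. The function names and the sample file are constructed for illustration, and it assumes only the [defaults] section needs inspecting.

```shell
#!/bin/sh
# Succeeds when the value is one Ansible parses as boolean false.
is_false() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        false|no|off|0|f|n) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the last host_key_checking value found in [defaults] of the given file.
# Assumption: only [defaults], the section the article edits, is inspected.
cfg_value() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        sec == "defaults" && /^[ \t]*host_key_checking[ \t]*[=:]/ {
            val = $0; sub(/^[^=:]*[=:][ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        }
        END { if (val != "") print val }
    ' "$1"
}

# Print one line per finding; return 1 if the check is disabled anywhere.
audit_hkc() {
    rc=0
    if [ -n "${ANSIBLE_HOST_KEY_CHECKING:-}" ] && is_false "$ANSIBLE_HOST_KEY_CHECKING"; then
        echo "env: ANSIBLE_HOST_KEY_CHECKING=$ANSIBLE_HOST_KEY_CHECKING"; rc=1
    fi
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(cfg_value "$f")
        if [ -n "$v" ] && is_false "$v"; then
            echo "$f: host_key_checking = $v"; rc=1
        fi
    done
    return $rc
}

# Constructed sample config: the article's setting plus entries that must be ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[inventory]
host_key_checking = False
[defaults]
# host_key_checking = True
host_key_checking = False
EOF
audit_hkc "$sample" || echo "host key checking is disabled"
rm -f "$sample"
```

Pass the paths of the ansible.cfg files in use, for example /etc/ansible/ansible.cfg, as arguments to audit_hkc.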

