IBM / Ansible-OpenShift-Provisioning

Automate the deployment of Red Hat OpenShift Container Platform on IBM zSystems (s390x). Automated User-Provisioned Infrastructure (UPI) setup using Kernel-based Virtual Machine (KVM).

Home Page: https://ibm.github.io/Ansible-OpenShift-Provisioning/

ssh_copy_id task not working for hashed hostnames

RedCarsten opened this issue · comments

If ssh uses the HashKnownHosts yes directive then the entries in the ~/.ssh/known_hosts file do not contain the hostname or IP in clear text.
As a consequence the step

https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/roles/ssh_copy_id/tasks/main.yaml#L7

- name: Delete SSH key from known hosts if it already exists for idempotency
  tags: ssh_copy_id, ssh
  lineinfile:
    path: "~/.ssh/known_hosts"
    search_string: "{{ ssh_target[0] }}"
    state: absent

A solution that works with any config is to run instead:

ssh-keygen -f "~/.ssh/known_hosts" -R "{{ ssh_target[0] }}"

The alternative is to explicitly make sure that hostnames are not hashed, e.g. via the ssh config:

Host *
    HashKnownHosts no

Looks like the default is yes, at least for Ubuntu 22.04 (in /etc/ssh/ssh_config).
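
Why the literal search misses hashed entries, as an added example that is not part of the original issue or the project's code: with HashKnownHosts enabled, OpenSSH stores the host field as `|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`, so the hostname never appears in the line. The function names, addresses, salt and key text below are constructed for illustration, and plain-text matching is simplified to exact names (no wildcard patterns).

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Host field as written with HashKnownHosts yes: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def entry_matches(line, host):
    """True if a known_hosts line belongs to host (exact names only, no wildcard patterns)."""
    fields = line.split()
    if fields and fields[0].startswith("@"):   # @cert-authority / @revoked marker
        fields = fields[1:]
    if not fields or fields[0].startswith("#"):
        return False
    names = fields[0]
    if not names.startswith("|1|"):
        return host in names.split(",")
    try:
        _, _, salt_b64, mac_b64 = names.split("|")
        salt, stored = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:                          # malformed hashed field
        return False
    return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), stored)

def remove_by_substring(lines, host):
    """What a literal search_string with state: absent does: drop lines containing host."""
    return [l for l in lines if host not in l]

def remove_hash_aware(lines, host):
    """Drop lines whose host field matches host, hashed or not."""
    return [l for l in lines if not entry_matches(l, host)]

# Constructed sample data: documentation addresses, fixed salt, placeholder key text.
KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI-constructed-placeholder"
KNOWN_HOSTS = [
    "192.0.2.10 " + KEY,                                    # clear-text entry
    hash_host("192.0.2.20", bytes(range(20))) + " " + KEY,  # hashed entry
]

if __name__ == "__main__":
    for host in ("192.0.2.10", "192.0.2.20"):
        print(host, "substring:", len(remove_by_substring(KNOWN_HOSTS, host)),
              "hash-aware:", len(remove_hash_aware(KNOWN_HOSTS, host)))
```

The stale hashed entry for 192.0.2.20 survives the substring removal, which is the case where a later connection to a re-provisioned host fails host key verification.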