ssh_copy_id task not working for hashed hostnames
RedCarsten opened this issue · comments
If ssh uses the `HashKnownHosts yes` directive then the entries in the `~/.ssh/known_hosts` file do not contain the hostname or IP in clear text.
As a consequence the step
https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/roles/ssh_copy_id/tasks/main.yaml#L7
```yaml
- name: Delete SSH key from known hosts if it already exists for idempotency
  tags: ssh_copy_id, ssh
  lineinfile:
    path: "~/.ssh/known_hosts"
    search_string: "{{ ssh_target[0] }}"
    state: absent
```
A solution that works with any config is to run instead:
```
ssh-keygen -f "~/.ssh/known_hosts" -R "{{ ssh_target[0] }}"
```
The alternative is to explicitly make sure that hostnames are not hashed, e.g. via the ssh config:
```
Host *
    HashKnownHosts no
```
Looks like the default is `yes` at least for Ubuntu 22.04 (in `/etc/ssh/ssh_config`).
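Why a literal string search misses hashed entries, as an added example that is not part of the original issue or the project's code: OpenSSH stores a hashed host field as `|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`, so a match requires recomputing the HMAC per line. The function names, addresses and key blob below are constructed for illustration, and clear-text matching is simplified to exact names.

```python
import base64
import hashlib
import hmac

HASH_MAGIC = "|1|"  # prefix of a hashed host field in known_hosts


def hash_host(host, salt):
    """Return |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + "|".join(base64.b64encode(b).decode() for b in (salt, mac))


def entry_matches(line, host):
    """True if a known_hosts line names host, hashed or in clear text."""
    fields = line.split()
    if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
        fields = fields[1:]
    if not fields or fields[0].startswith("#"):
        return False
    names = fields[0]
    if not names.startswith(HASH_MAGIC):
        return host in names.split(",")  # simplified: exact names, no patterns
    try:
        salt_b64, mac_b64 = names[len(HASH_MAGIC):].split("|")
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:  # malformed hashed field
        return False
    actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


def substring_remove(lines, needle):
    """What a literal string search does: drop lines containing needle."""
    return [l for l in lines if needle not in l]


def remove_host(lines, host):
    """Drop every entry for host, whether hashed or not."""
    return [l for l in lines if not entry_matches(l, host)]


# Constructed sample data: documentation addresses and a fake key blob.
KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealKey"
SAMPLE = [
    hash_host("192.0.2.10", bytes(range(20))) + " " + KEY,  # hashed entry
    "bastion.example.com,192.0.2.20 " + KEY,                # clear-text entry
]

if __name__ == "__main__":
    print(len(substring_remove(SAMPLE, "192.0.2.10")), "lines left after string search")
    print(len(remove_host(SAMPLE, "192.0.2.10")), "lines left after HMAC match")
```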