When it comes to automating tasks, efficiency and speed are essential. Ansible, one of the most renowned automation tools, offers various features and tools to ensure this.
However, like all tools, understanding its nuances can make the difference between a smooth deployment and hours of debugging. One such nuance is the host key checking mechanism which can be a hurdle when managing many hosts.
In this tutorial, we will explore the Ansible feature of the host key checking mechanism and, more importantly, learn how to deactivate it.
What Is Ansible Host Key Checking?
Let us start by exploring what the Ansible host key checking mechanism is and how it works.
When we use Ansible to connect to a remote server for the first time, Ansible checks the authenticity of the target host by comparing the server’s SSH key against the list of known hosts.
This is an incredible feature as it plays a vital role against MITM attacks. For example, if it were unavailable, an attacker could intercept the connection to the remote host and gain unauthorized access to data (obviously an oversimplification, but you get the point).
Although host key checking is a powerful and handy tool, it can be a hindrance when dealing with a plethora of remote hosts, especially in dynamic environments where the server IP or SSH key can change frequently, for example, in cloud infrastructure.
To avoid this challenge, turn off the host key checking in your Ansible playbooks and commands.
Disable the Host Key Checking Using the Command Line
The first and most efficient method of turning off the host key checking in Ansible is straight from the command line. We can pass the ANSIBLE_HOST_KEY_CHECKING parameter as follows:
By setting the ANSIBLE_HOST_KEY_CHECKING environment variable to “False”, Ansible skips the check for that particular run.
Disable the Host Key Checking Using the Config File
If you wish to disable the host key checking permanently for every Ansible run, you can set the value in the configuration file.
Edit the Ansible configuration file:
Find or add the [defaults] section and finally add or modify the following line:
Save and close the file.
Once we configure this parameter, Ansible skips the host key checking for all playbooks that are executed on the system.
Disable the Host Key Checking Using the User-Specific Configuration
In some cases, you may only wish to disable the host key checking mechanism for a single user. This is where the “.ansible.cfg” comes into play.
Navigate into the home directory of the user for whom you wish to disable the host key checking. Locate the “.ansible.cfg” file or create it if it doesn’t exist.
Similarly, add the previous entry:
host_key_checking = False
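Because the setting can be switched off in three separate places (the environment variable, the main configuration file and a user's “.ansible.cfg”), it helps to be able to see which of them is currently in effect on a control node. The following Python script is an added example, not part of the original tutorial; the file paths it scans and the list of "false" spellings are assumptions.

```python
import configparser
import os
from pathlib import Path

# Spellings treated as "false" here (assumed to cover the values Ansible accepts).
FALSE_VALUES = {"false", "no", "off", "0", "f", "n"}

def is_false(value):
    return value is not None and value.strip().lower() in FALSE_VALUES

def cfg_disables_check(cfg_text):
    """True if an ansible.cfg body sets host_key_checking to false under [defaults]."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, inline_comment_prefixes=(";",))
    try:
        parser.read_string(cfg_text)
    except configparser.Error:
        return False  # unparsable file (e.g. no section header): nothing to report
    return is_false(parser.get("defaults", "host_key_checking", fallback=None))

def audit(env, cfg_files):
    """Return every source that disables host key checking.
    env: mapping of environment variables; cfg_files: {label: file contents}."""
    findings = []
    if is_false(env.get("ANSIBLE_HOST_KEY_CHECKING")):
        findings.append("env:ANSIBLE_HOST_KEY_CHECKING")
    for label, text in cfg_files.items():
        if cfg_disables_check(text):
            findings.append(f"cfg:{label}")
    return findings

def load_cfg_files(paths):
    """Read the config files that exist; missing paths are skipped."""
    found = {}
    for raw in paths:
        path = Path(raw).expanduser()
        if path.is_file():
            found[str(path)] = path.read_text(errors="replace")
    return found

if __name__ == "__main__":
    # Assumed locations: system-wide file, per-user file, project-local file.
    paths = ["/etc/ansible/ansible.cfg", "~/.ansible.cfg", "ansible.cfg"]
    for finding in audit(os.environ, load_cfg_files(paths)):
        print("host key checking disabled by", finding)
```

An empty result means none of the scanned sources turns the check off, so SSH host keys are still verified against the known hosts list.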
Conclusion
We learned about the host key checking mechanism in Ansible. We learned what it does and how we can use the various methods and techniques to disable it.
Point to Note: While disabling the host key checking in Ansible can expedite the tasks in dynamic environments, be mindful of the associated security risks. It’s vital to strike a balance between convenience and security.