On Fri, Mar 24, 2023 at 8:37 AM 'Neil Young' via Ansible Project
<[email protected]> wrote:
>
> OK, maybe a solution (workaround?)
>
> I got another error message later, which clarified the failing command:
>
> FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote
> [email protected]:xxxxxxxxxxx.git -h refs/heads/HEAD", "
>
> So I ssh'ed to the machine and issued exactly this command:
>
> The response lead me to an offending, but not obvious "known_host" entry
> (which obviously described "github.com"), maybe left by "ssh-agent" (hmm,
> didn't know that. Shouldn't be left there I guess).
>
> Warning: the ECDSA host key for 'github.com' differs from the key for the IP
> address '140.82.121.3'
>
> Offending key for IP in /home/ubuntu/.ssh/known_hosts:2
And *this* is why relying on known_hosts has caused more failures of
working software than prevention of faked host access since SSH was
originally written.
The typical entry to disable it in ~/.ssh/config is:
Host *
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
LogLevel error
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAOCN9rz5d4BGuBM5aWQSYT991p43ogMFBzVS5%3DDi_TXXzq5GPw%40mail.gmail.com.
