Sounds legit and works. But isn't "StrictHostKeyChecking=no" dangerous? (To not start a religious war here :))
Nico Kadel-Garcia schrieb am Freitag, 24. März 2023 um 23:44:06 UTC+1: > On Fri, Mar 24, 2023 at 8:37 AM 'Neil Young' via Ansible Project > <[email protected]> wrote: > > > > OK, maybe a solution (workaround?) > > > > I got another error message later, which clarified the failing command: > > > > FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote > [email protected]:xxxxxxxxxxx.git -h refs/heads/HEAD", " > > > > So I ssh'ed to the machine and issued exactly this command: > > > > The response lead me to an offending, but not obvious "known_host" entry > (which obviously described "github.com"), maybe left by "ssh-agent" (hmm, > didn't know that. Shouldn't be left there I guess). > > > > Warning: the ECDSA host key for 'github.com' differs from the key for > the IP address '140.82.121.3' > > > > Offending key for IP in /home/ubuntu/.ssh/known_hosts:2 > > And *this* is why relying on known_hosts has caused more failures of > working software than prevention of faked host access since SSH was > originally written. > > The typical entry to disable it in ~/.ssh/config is: > > Host * > UserKnownHostsFile /dev/null > StrictHostKeyChecking no > LogLevel error > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/387ec54e-74ff-45ed-b468-4ee6201512cbn%40googlegroups.com.
