On Sat, Mar 25, 2023 at 2:24 AM 'Neil Young' via Ansible Project <[email protected]> wrote: > > Sounds legit and works. But isn't "StrictHostKeyChecking=no" dangerous? (To > not start a religious war here :))
There is an increased risk. The risk of needing to clean up from reset host keys is also a significant one, and tuning and picking which keys are and are without that filter is a burden. Tools like ansible can, in theory, provide just such tuning on a server-by-server and SSH-service by SSH-service basis. But I've several times encountered git server setups where the admin copied over the Host's private keys, but not the exposed git related SSH service's keys because he *did not understand the distinction*, and it's seriously screwed up working setups both for the Ansible server and the clients. Manually insertinig the options into all the SSH commands eliminates those checks on a case-by-case basis, but frankly, I have a day job, not the time to go implant the workaround into every developer's SSH command line settings. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAOCN9ryTGixQioeW2%2Badz2vKfzHJoVCnvDgZRZKyEzGJ4j%3DMyw%40mail.gmail.com.
