Steps:
Create VM, Ansible runs correctly
vagrant up --provider=virtualbox
Ansible has added the host key into ~/.ssh/known_hosts; if you've used this box before, it may be in there a few times.
This issue only occurs when host keys change, which can happen when the box does not come with a pre-generated host key.
Let's simulate this by changing the cached host key we have on our host machine.
vim ~/.ssh/known_hosts
# change one character of the base64 host key
To ensure we're getting a fresh connection, be sure to kill the ControlMaster persistent connection left over from the previous run.
pkill -f 'ansible-ssh'
Now, when we provision, the host key won't match, but -o StrictHostKeyChecking=no allows us to keep going.
vagrant provision
However, the SSH_AUTH_SOCK variable is now missing!
This turns out to be a slightly mysterious setting from OpenSSH, which we can see if we run the ssh command manually and watch the verbose output.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
50:db:75:ba:11:2f:43:c9:ab:14:40:6d:7f:a1:ee:e3.
Please contact your system administrator.
Add correct host key in /Users/glen/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/glen/.ssh/known_hosts:52
Challenge/response authentication is disabled to avoid man-in-the-middle attacks.
Agent forwarding is disabled to avoid man-in-the-middle attacks.
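Setting UserKnownHostsFile to /dev/null works around this: with no cached key on the host machine there is nothing for the presented key to mismatch, so ssh never disables agent forwarding.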
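An added example, not part of the original write-up: a shell check that scans captured ssh stderr for the downgrade lines shown above, so a provisioning run fails loudly instead of silently losing SSH_AUTH_SOCK. The function names and exit codes are assumptions of this example, and the sample input is constructed from the warning quoted on this page.

```shell
#!/bin/sh
# Added example: detect the features ssh switched off after a host key mismatch.

# Constructed sample: warning lines as quoted on this page.
sample_stderr() {
cat <<'EOF'
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
Offending RSA key in /Users/glen/.ssh/known_hosts:52
Challenge/response authentication is disabled to avoid man-in-the-middle attacks.
Agent forwarding is disabled to avoid man-in-the-middle attacks.
EOF
}

# Print one line per feature ssh disabled, e.g. "Agent forwarding".
disabled_features() {
    sed -n 's/^\(.*\) is disabled to avoid man-in-the-middle attacks\.$/\1/p'
}

# Print "file:line" of the stale known_hosts entry, if ssh reported one.
offending_entry() {
    sed -n 's/^Offending [A-Za-z0-9-]* key in \(.*:[0-9][0-9]*\)$/\1/p'
}

# Read ssh stderr on stdin.
# Returns 0 if no mismatch was reported, 1 if agent forwarding was dropped,
# 2 if the key changed but agent forwarding is not among the disabled features.
check_ssh_log() {
    log=$(tr -d '\r')   # verbose ssh output may carry carriage returns
    feats=$(printf '%s\n' "$log" | disabled_features)
    entry=$(printf '%s\n' "$log" | offending_entry)
    [ -z "$feats" ] && [ -z "$entry" ] && return 0
    echo "host key changed; stale entry: ${entry:-not reported}" >&2
    printf '%s\n' "$feats" | sed 's/^/  disabled: /' >&2
    case "$feats" in
        *"Agent forwarding"*) return 1 ;;
    esac
    return 2
}

# Usage (assumption): pipe the stderr of the manual ssh run into the check, e.g.
#   <your ssh command> 2>&1 | check_ssh_log || echo "fix known_hosts first"
```

The reported file:line pair points at the cached entry to correct, which keeps host key verification in place rather than discarding it.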