@shirou
Last active March 14, 2024 12:16
run ssh-keyscan to add keys to known_hosts. This is a playbook for ansible
---
- hosts: all
  gather_facts: no
  sudo: no
  tasks:
    - name: run ssh-keyscan to add keys to known_hosts
      local_action: shell ssh-keyscan {{ ansible_ssh_host }} >> ~/.ssh/known_hosts
@DanielDavis5

Ditch the pipes.

- name: Scan for SSH host keys.
  local_action:
    module: shell
    cmd: ssh-keyscan 192.168.1.1 2>/dev/null
  changed_when: False
  register: ssh_scan

- name: Update known_hosts.
  local_action:
    module: known_hosts
    key: "{{ item }}"
    name: "{{ ansible_host }}"
  with_items: "{{ ssh_scan.stdout_lines }}"

@oerp-odoo

@DanielDavis5 this is a good solution as you don't need to use extra hacks. Though to me it was not working if I was redirecting to /dev/null, all the output would be registered to stderr. If I keep ssh-keyscan some-host only, then it works fine.
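
An added example, not part of the gist or its comments: both the `>>` append and the `known_hosts` task store whatever `ssh-keyscan` returns, so this Python filter accepts a scanned key only when its SHA256 fingerprint matches one obtained out of band, and skips lines already present. The function names, the host 192.0.2.10 and the key blobs are constructed for illustration.

```python
import base64
import hashlib
import struct

def fingerprint(b64_blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def vet_keyscan(scan_output, pinned, known_hosts=""):
    """Split ssh-keyscan output into (lines safe to append, lines refused)."""
    # pinned: fingerprints obtained out of band (assumption: you have them).
    # known_hosts: current file contents, so a re-run adds nothing twice.
    existing = set(known_hosts.splitlines())
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # banner/comment lines
            continue
        fields = line.split()  # host, key type, base64 key blob
        try:
            trusted = len(fields) >= 3 and fingerprint(fields[2]) in pinned
        except ValueError:  # key field is not valid base64
            trusted = False
        if not trusted:
            rejected.append(line)
        elif line not in existing and line not in accepted:
            accepted.append(line)
    return accepted, rejected

def _blob(seed):
    # Constructed ed25519-shaped blob for the demo, not a real host key.
    body = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(body).decode()

GOOD, ROGUE = _blob(1), _blob(2)
PINNED = {fingerprint(GOOD)}  # stand-in for a fingerprint read from the host's console
SCAN = (  # constructed ssh-keyscan output; 192.0.2.10 is a documentation address
    "# 192.0.2.10:22 SSH-2.0-OpenSSH\n"
    f"192.0.2.10 ssh-ed25519 {GOOD}\n"
    f"192.0.2.10 ssh-ed25519 {ROGUE}\n"
)

if __name__ == "__main__":
    ok, bad = vet_keyscan(SCAN, PINNED)
    print("append:", ok)
    print("refused:", bad)
```

The duplicate check compares whole lines, so it assumes the entries in `known_hosts` are stored unhashed.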