Hi,

I am trying to deploy software from git to a machine which I am managing
with Ansible. I am using SSH agent forwarding for authentication.

If I log in as the user and connect to the repository host, everything
works just like it should. I can make use of the key I am using from the
management host. Installing that same key in /etc/ssh/ssh_known_hosts or
~user/.ssh/known_hosts for the user who is supposed to actually execute
git results in this error message:

msg: repo.example.com has an unknown hostkey. Set accept_hostkey to True or 
manually add the hostkey prior to running the git module

Installing the key as described in the manual by using ssh-keyscan makes
it work, but is ineffective as a security measure. If I need to check
the host key to begin with, I cannot rely on DNS, which I use in the git
URL, to get it. Getting it from the machine that I am going to check
from does not make me feel secure as it would only guard against DNS or
routing tampering during the probably short time window between getting
the key by scanning it, then checking it during the git operation. The
case for setting 'accept_hostkey=yes' is even less compelling if you are
managing hosts across the Internet, as I do.

It would be great if this functionality would be a bit more versatile
and robust.


Thank you,
--Toni++
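
An added example, not part of the original post: one way to close the gap described above is to accept scanned host key lines only when they match a fingerprint obtained out of band, and to install only those lines into known_hosts. The function names are hypothetical, and the sample key built by make_ed25519_line is constructed for illustration.

```python
import base64
import hashlib
import struct


def sha256_fingerprint(key_b64):
    """Fingerprint in the form `ssh-keygen -l` prints: SHA256:<unpadded base64>."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_key_type(key_b64):
    """Key type name stored inside the blob (its first length-prefixed string)."""
    blob = base64.b64decode(key_b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii", "replace")


def filter_pinned(scan_output, host, pinned_fingerprints):
    """Return only the scanned lines for `host` whose key matches a pinned fingerprint."""
    accepted = []
    for line in scan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # ssh-keyscan banner comments and blank lines
        fields = line.split()
        if len(fields) < 3:
            continue
        names, key_type, key_b64 = fields[0], fields[1], fields[2]
        if host not in names.split(","):
            continue
        try:
            if blob_key_type(key_b64) != key_type:
                continue  # declared type does not match the key blob
            fingerprint = sha256_fingerprint(key_b64)
        except (ValueError, struct.error):
            continue  # invalid base64 or truncated blob
        if fingerprint in pinned_fingerprints:
            accepted.append(line)
    return accepted


def make_ed25519_line(host, raw32):
    """Constructed sample input: a known_hosts line built from 32 raw key bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + raw32
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"
```

The pinned fingerprints are assumed to come from a channel that does not depend on DNS or the network path to the repository host, such as the output of ssh-keygen -l read on the host's own console.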
