known_hosts
module lets you add or remove a host keys from the known_hosts
file.Parameter | Choices/Defaults | Comments |
---|---|---|
hash_host boolean |
| Hash the hostname in the known_hosts file |
key - | The SSH public host key, as a string (required if state=present, optional when state=absent, in which case all keys for the host are removed). The key must be in the right format for ssh (see sshd(8), section "SSH_KNOWN_HOSTS FILE FORMAT"). Specifically, the key should not match the format that is found in an SSH pubkey file, but should rather have the hostname prepended to a line that includes the pubkey, the same way that it would appear in the known_hosts file. The value prepended to the line must also match the value of the name parameter. Should be of format `<hostname[,IP]> ssh-rsa <pubkey>` | |
name - / required | The host to add or remove (must match a host specified in key). It will be converted to lowercase so that ssh-keygen can find it. Must match with <hostname> or <ip> present in key attribute. aliases: host | |
path - | Default: "(homedir)+/.ssh/known_hosts" | The known_hosts file to edit |
state - |
|
present to add the host key, absent to remove it. |
- name: tell the host about our servers it might want to ssh to known_hosts: path: /etc/ssh/ssh_known_hosts name: foo.com.invalid key: "{{ lookup('file', 'pubkeys/foo.com.invalid') }}" - name: Another way to call known_hosts known_hosts: name: host1.example.com # or 10.9.8.77 key: host1.example.com,10.9.8.77 ssh-rsa ASDeararAIUHI324324 # some key gibberish path: /etc/ssh/ssh_known_hosts state: present
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/known_hosts_module.html