Disabling Host Key Checking in Ansible: Pros and Cons

Ansible is a software tool that automates cross-platform computer support in a simple yet effective way. It is primarily aimed at IT professionals, who use it for application deployment, workstation and server updates, cloud provisioning, configuration management, intra-service orchestration, and much anything else a systems administrator does on a weekly or daily basis.

What is Ansible?

Ansible is an IaC open-source software suite developed in Python. It solves issues with software provisioning, updates, configuration management, and application functionality. Furthermore, it automates the IT experience, streamlining collaboration between a central server and several distant servers, and it uses files to hold automation code for all of these operations. These files are known as an Ansible Playbook. Furthermore, Ansible is a push-model program that operates without an agent. This implies that host computers do not require any software to function.

Why is Ansible disable host key checking?

• At the start of network computing, efficiently managing servers was a major difficulty. As hosted applications become increasingly complicated, server administrators are used to manage servers, software installations, configurations, and so on.
• Furthermore, Ansible is a server provisioning and configuration management solution that simplifies the server administrator's workload.
• Ansible may operate on numerous hosts in the infrastructure at the same time as it accomplishes this by using inventory, which is a list or collection of lists.

How To Disable Host Key Checking?

Here is the step-by-step process to disable Host Key Checking:

Step 1: Temporarily Disable Host Key Check

First, you can use the -o option with the ssh command to prevent host key checking for a single SSH session.

ssh -o StrictHostKeyChecking=no user@hostname

Output:

Step 2: Use Environment Variable

You need to Change the ANSIBLE_HOST_KEY_CHECKING variable in your shell or a script, also you can turn off host key checking.

export ANSIBLE_HOST_KEY_CHECKING=False

Output:

Step 3: Modify SSH Configuration

In the next step, The SSH client can also be set up to reject host key verification and this can be completed by adding SSH options to the Ansible configuration or by editing the SSH configuration file.

Host *
    StrictHostKeyChecking no;
    UserKnownHostsFile /dev/null

Step 4: Add SSH Arguments

Next, enter the SSH parameters listed below in the [ssh_connection] section.

[ssh_connection]
ssh_args = -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null

Step 5: Verify the Configuration

Next, you have to run an Ansible command to test the configuration to check the hosts are reachable and correctly configured.

ansible -m ping all

Output:

Step 6: Add YML playbook file

Now, you must save YML playbook file and write code as necessary. The following is an example code.

- name: filename
  hosts: EducativeGroup
  vars:
    ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
  tasks:

Step 7: Use Ansible Inventory or Playbook

Lastly, you can directly specify SSH parameters in your playbook or Ansible inventory.

[webservers]
192.168.1.100 ansible_ssh_common_args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev'

Output:

Pros of Disabling Host Key Checking in Ansible

Below are some pros of Disabling Host Key Checking in Ansible

• Agentless: An agentless architecture is one of Ansible's advantages as it refers to the absence of software agents, which must be installed and functioning on remote systems or nodes.
• Continuous Deployment: It removes disruptions from host key verification prompts to enable more seamless automation and CI/CD pipelines.
• Scalability: They can be expanded from several to thousands of nodes and their push-based approach also supports the simultaneous configuration for multiple devices, so they are ideal even for large-scale deployments.

Cons of Disabling Host Key Checking in Ansible

Below are some cons of Disabling Host Key Checking in Ansible

• UI is lacking: Ansible, which was previously a command-line-only program, made its first try at a UI with AWX: a graphical user interface, and a REST endpoint to simplify infrastructure administration.
• A Newer Offering: Ansible has not been around as long as rival systems such as Chef or Puppet as a result, it has the smallest developer/user community and the fewest resources on the web for self-help and troubleshooting.
• Statelessness: Ansible does not track the state of managed systems by default.

Conclusion

In this article, we have learned about Disabling Host Key Checking in Ansible: Pros and Cons. Ansible gives us the freedom to modify the processes to our needs. However, certain security and performance measures should remain unchanged. In our circumstance, we can use a few commands to avoid host key checks.