Passing host_key_checking

Question

Passing host_key_checking

varunchopra opened this issue 6 years ago · 6 comments

How would I pass host_key_checking = False to my script?

First, I passed it as an option and ran the script - got this:

Traceback (most recent call last):
  File "testing.py", line 7, in <module>
    result = api.command('hostname')
  File "/usr/local/lib/python2.7/dist-packages/suitable/module_runner.py", line 171, in execute
    return self.evaluate_results(callback)
  File "/usr/local/lib/python2.7/dist-packages/suitable/module_runner.py", line 199, in evaluate_results
    self, server
  File "/usr/local/lib/python2.7/dist-packages/suitable/module_runner.py", line 180, in trigger_event
    action = getattr(self.api, method)(*args)
  File "/usr/local/lib/python2.7/dist-packages/suitable/api.py", line 224, in on_unreachable_host
    raise UnreachableError(module, host)
suitable.errors.UnreachableError: ec2-52-66-178-96.ap-south-1.compute.amazonaws.com could not be reached

I modified /etc/ssh/ssh_config and added StrictHostKeyChecking no and ran the script again. Same error ^.

I then SSH'd normally without making any more changes:

 ssh ec2-user@ec2-52-66-178-96.ap-south-1.compute.amazonaws.com -i .id_rsa

and it worked.

I then ran the script again and it was able to login.

Answer 1 · 2018-08-01T12:13:13.000Z

Can you try passing it through the extra_vars and let me know if it works?

api = Api('example.org', extra_vars={'host_key_checking': False})

You could also try the following environment variable:

export ANSIBLE_HOST_KEY_CHECKING=False

If none of this works let me know and I'll try to reproduce this.

Answer 2 · 2018-08-01T16:11:21.000Z

Hmm, shouldn't work as an extra_var but I'll give it a shot. ¯\_(ツ)_/¯

Doesn't work:

api = Api('example.org', extra_vars={'host_key_checking': False})

Works:

export ANSIBLE_HOST_KEY_CHECKING=False

Would be great if it worked otherwise though. Perhaps an additional option could be added (?). This would allow us to use other config variables like library too.

Answer 3 · 2018-08-03T08:35:02.000Z

Okay, thanks for trying. I agree that it makes sense to add this. I'll tackle it as soon as I have the time.

Answer 4 · 2018-08-17T10:43:36.000Z

This can alternatively be done as follows:
api = Api('www.rueti.ch', ssh_extra_args='-o StrictHostKeyChecking=no')

Unfortunately this doesn't currently work with Mitogen due to this function:
https://github.com/dw/mitogen/blob/898c06f1b9f1417b9f7c18465bee78eda7df2ec0/ansible_mitogen/connection.py#L70-L91

You could argue that Mitogen shouldn't enforce host key checking if the extra arg is given, since Ansible does the correct thing here. But ultimately what is needed is a way to change the constants before each task execution as defined on the Api object. For some reason Ansible only considers the global constants in this specific instance.

I do not have a fix yet, I just wanted to lie out some findings after looking into this a bit more.

Answer 5 · 2019-02-01T14:57:50.000Z

I added a new Api option to handle this case. It turns out to be somewhat special as there's no single obvious way to pass this variable down to every connection plugin.

This is how it can be used:

api = Api(host, host_key_checking=False)

Naturally, this defaults to True.

Answer 6 · 2019-02-01T16:20:02.000Z

I've uploaded a new release to PyPI. Feel free to reopen if this doesn't solve your problem.