Fixing 'SSH Error: Host key verification failed.' error in Ansible
The other day I rebuilt a VM that we’re managing using Ansible, and when we tried to have Ansible reset its configuration we received the following error:
fatal: [xxx.xxx.xxx.xxx] => SSH Error: Host key verification failed.
while connecting to xxx.xxx.xxx.xxx:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
Ansible doesn’t provide a good explanation of how to fix this, but the issue revolves around the fact that the IP address stayed the same while the SSH host keys changed when the server was rebuilt, so the new key conflicts with the entry stored in the known_hosts file.
If you attempt to SSH into the box as that user, SSH will help you fix the problem:
user@host:~/path$ ssh user@xxx.xxx.xxx.xxx
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
a0:c9:23:12:f4:91:91:f0:45:0e:6c:d3:2e:ae:63:d7.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user/.ssh/known_hosts:13
remove with: ssh-keygen -f "/home/user/.ssh/known_hosts" -R xxx.xxx.xxx.xxx
ECDSA host key for xxx.xxx.xxx.xxx has changed and you have requested strict checking.
Host key verification failed.
Then running the ssh-keygen command removes the bad entry:
user@host:~/path$ ssh-keygen -f "/home/user/.ssh/known_hosts" -R xxx.xxx.xxx.xxx
# Host xxx.xxx.xxx.xxx found: line 13 type ECDSA
/home/user/.ssh/known_hosts updated.
Original contents retained as /home/user/.ssh/known_hosts.old
And finally we can run Ansible and it will connect, asking us to accept the rebuilt VM's new host key on the first connection:
user@host:~/path$ ansible-playbook -v --inventory-file=ansible/inventory/production.ini -u user ansible/devel.yml
PLAY [all] ********************************************************************
GATHERING FACTS ***************************************************************
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is a0:c9:23:12:f4:91:91:f0:45:0e:6c:d3:2e:ae:63:d7.
Are you sure you want to continue connecting (yes/no)? yes
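The steps above collected into one function, as an added example that is not from the original post: it replaces the stale known_hosts entry only when the key the rebuilt VM presents matches a fingerprint read out of band (for example on the VM console), so the yes/no prompt never has to be answered blind. The function name, its arguments and the 192.0.2.10 address are assumptions, and it uses SHA256 fingerprints, the default in current OpenSSH.

```sh
#!/bin/sh
# Added example (not from the original post). Hypothetical helper:
#   pin_rebuilt_host HOST EXPECTED_FP KEYFILE [KNOWN_HOSTS]
# KEYFILE      output of `ssh-keyscan HOST`, saved to a file
# EXPECTED_FP  SHA256 fingerprint of the rebuilt VM's host key, obtained
#              out of band, e.g. on its console with:
#              ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub
pin_rebuilt_host() {
    host=$1 expected=$2 keyfile=$3 kh=${4:-$HOME/.ssh/known_hosts}
    [ -n "$host" ] && [ -n "$expected" ] && [ -r "$keyfile" ] || return 2

    # Find the scanned key whose fingerprint equals the expected one.
    # `ssh-keygen -l` prints: <bits> <fingerprint> <comment> (<type>)
    match=
    while IFS= read -r line; do
        fp=$(printf '%s\n' "$line" |
             ssh-keygen -l -E sha256 -f - 2>/dev/null | awk '{print $2}')
        if [ -n "$fp" ] && [ "$fp" = "$expected" ]; then
            match=$line
        fi
    done < "$keyfile"

    if [ -z "$match" ]; then
        echo "no key offered by $host matches $expected; known_hosts left unchanged" >&2
        return 1
    fi

    # Same removal ssh suggests in its warning; a .old backup is kept.
    if [ -f "$kh" ]; then
        ssh-keygen -R "$host" -f "$kh" >/dev/null 2>&1 || return 3
    fi
    printf '%s\n' "$match" >> "$kh"
}

# Typical use (address and fingerprint are placeholders):
#   ssh-keyscan -t ecdsa 192.0.2.10 > /tmp/scan
#   pin_rebuilt_host 192.0.2.10 'SHA256:<value from console>' /tmp/scan
```

With the verified key already in known_hosts, the next ansible-playbook run connects without the authenticity prompt.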
Scott Keck-Warren
Scott is the Director of Technology at WeCare Connect where he strives to provide solutions for his customers' needs. He's the father of two and can be found most weekends working on projects around the house with his loving partner.