[P1] host_key_checking = False in ansible.cfg — MITM risk #1

Closed
opened 2026-03-22 18:04:09 +00:00 by jeet · 0 comments
Owner

Problem

ansible.cfg has host_key_checking = False. Any man-in-the-middle between your Ansible machine and OCI instances would be silently accepted — especially dangerous since vault secrets are deployed over these connections.

Fix

Flip the setting:

```ini
host_key_checking = True
```

Then populate ~/.ssh/known_hosts once per host:

```bash
ssh-keyscan -H <host-ip> >> ~/.ssh/known_hosts
```

File: ansible.cfg

jeet closed this issue 2026-03-22 18:14:21 +00:00
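An added example, not part of the issue or the repository: `ssh-keyscan` records whatever key answers at scan time, so this sketch accepts a scanned line only when its SHA256 fingerprint matches one obtained over a separate trusted channel, and it matches hashed (`-H`) host fields by recomputing the HMAC-SHA1. The `trusted` map, the helper names and the sample hosts and keys are assumptions constructed for illustration.

```python
import base64, hashlib, hmac

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """True if a known_hosts host field names `host`, plain or hashed (-H)."""
    if not field.startswith("|1|"):
        return host in field.split(",")
    _, _, salt_b64, mac_b64 = field.split("|")
    salt = base64.b64decode(salt_b64, validate=True)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, base64.b64decode(mac_b64, validate=True))

def vet_keyscan(scan_output, trusted):
    """Return (accepted, rejected) scan lines; trusted maps host -> fingerprint."""
    accepted, rejected = [], []
    for line in filter(None, map(str.strip, scan_output.splitlines())):
        if line.startswith("#"):
            continue
        try:
            field, _keytype, blob = line.split()[:3]
            fp = fingerprint(blob)
            ok = any(host_matches(field, h) and hmac.compare_digest(fp, want)
                     for h, want in trusted.items())
        except ValueError:  # malformed line or invalid base64
            ok = False
        (accepted if ok else rejected).append(line)
    return accepted, rejected

# Constructed sample data below: not real hosts, salts or keys.
def make_blob(seed):
    return base64.b64encode(b"constructed-key-blob-%d" % seed).decode()

def make_hashed(host, salt=b"constructed-salt-000"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

GOOD, ROGUE = make_blob(1), make_blob(2)
TRUSTED = {"192.0.2.10": fingerprint(GOOD), "192.0.2.11": fingerprint(GOOD)}
SCAN = "\n".join([
    make_hashed("192.0.2.10") + " ssh-ed25519 " + GOOD,   # fingerprint matches
    make_hashed("192.0.2.11") + " ssh-ed25519 " + ROGUE,  # key differs from trusted
    "192.0.2.12 ssh-ed25519 " + GOOD,                     # host not in trusted map
])
if __name__ == "__main__":
    accepted, rejected = vet_keyscan(SCAN, TRUSTED)
    print(*accepted, *("# REJECTED " + r for r in rejected), sep="\n")
```

Only the accepted lines belong in `~/.ssh/known_hosts`; a rejected line for a host that was expected to match should be investigated before any playbook run.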

Reference: jeet/OCI_Build#1