known_hosts – Add or remove a host from the known_hosts file
Synopsis
- The
known_hosts
module lets you add or remove a host keys from theknown_hosts
file. - Starting at Ansible 2.2, multiple entries per host are allowed, but only one for each key type supported by ssh. This is useful if you’re going to want to use the git module over ssh, for example.
- If you have a very large number of host keys to manage, you will find the template module more useful.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
hash_host boolean |
| Hash the hostname in the known_hosts file |
key - | The SSH public host key, as a string (required if state=present, optional when state=absent, in which case all keys for the host are removed). The key must be in the right format for ssh (see sshd(8), section "SSH_KNOWN_HOSTS FILE FORMAT"). Specifically, the key should not match the format that is found in an SSH pubkey file, but should rather have the hostname prepended to a line that includes the pubkey, the same way that it would appear in the known_hosts file. The value prepended to the line must also match the value of the name parameter. Should be of format `<hostname[,IP]> ssh-rsa <pubkey>` | |
name - / required | The host to add or remove (must match a host specified in key). It will be converted to lowercase so that ssh-keygen can find it. Must match with <hostname> or <ip> present in key attribute. aliases: host | |
path - | Default: "(homedir)+/.ssh/known_hosts" | The known_hosts file to edit |
state - |
|
present to add the host key, absent to remove it. |
Examples
- name: tell the host about our servers it might want to ssh to known_hosts: path: /etc/ssh/ssh_known_hosts name: foo.com.invalid key: "{{ lookup('file', 'pubkeys/foo.com.invalid') }}" - name: Another way to call known_hosts known_hosts: name: host1.example.com # or 10.9.8.77 key: host1.example.com,10.9.8.77 ssh-rsa ASDeararAIUHI324324 # some key gibberish path: /etc/ssh/ssh_known_hosts state: present
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Matthew Vernon (@mcv21)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/known_hosts_module.html