known_hosts – Add or remove a host from the known_hosts file

Synopsis

  • The known_hosts module lets you add or remove a host keys from the known_hosts file.
  • Starting at Ansible 2.2, multiple entries per host are allowed, but only one for each key type supported by ssh. This is useful if you’re going to want to use the git module over ssh, for example.
  • If you have a very large number of host keys to manage, you will find the template module more useful.

Parameters

Parameter Choices/Defaults Comments
hash_host
boolean
    Choices:
  • no ←
  • yes
Hash the hostname in the known_hosts file
key
-
The SSH public host key, as a string (required if state=present, optional when state=absent, in which case all keys for the host are removed). The key must be in the right format for ssh (see sshd(8), section "SSH_KNOWN_HOSTS FILE FORMAT"). Specifically, the key should not match the format that is found in an SSH pubkey file, but should rather have the hostname prepended to a line that includes the pubkey, the same way that it would appear in the known_hosts file. The value prepended to the line must also match the value of the name parameter. Should be of format `<hostname[,IP]> ssh-rsa <pubkey>`
name
- / required
The host to add or remove (must match a host specified in key). It will be converted to lowercase so that ssh-keygen can find it.
Must match with <hostname> or <ip> present in key attribute.

aliases: host
path
-
Default:
"(homedir)+/.ssh/known_hosts"
The known_hosts file to edit
state
-
    Choices:
  • present ←
  • absent
present to add the host key, absent to remove it.

Examples

- name: tell the host about our servers it might want to ssh to
  known_hosts:
    path: /etc/ssh/ssh_known_hosts
    name: foo.com.invalid
    key: "{{ lookup('file', 'pubkeys/foo.com.invalid') }}"

- name: Another way to call known_hosts
  known_hosts:
    hostname: host1.example.com   # or 10.9.8.77
    key: host1.example.com,10.9.8.77 ssh-rsa ASDeararAIUHI324324  # some key gibberish
    path: /etc/ssh/ssh_known_hosts
    state: present

Status

Authors

  • Matthew Vernon (@mcv21)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.