2

I have servers set up that look something like the diagram attached.

I am trying to ssh into one of the build servers in the auto scaling group via the load balancer(NLB), but getting the following error message.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for xxx has changed,
and the key for the corresponding IP address xx.xx.xx.xx
has a different value. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/xxx/.ssh/known_hosts:15
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Please contact your system administrator.
Add correct host key in /home/xxx/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/xxx/.ssh/known_hosts:21
ECDSA host key for xxx has changed and you have requested strict checking.
Host key verification failed.

What is the proper way to allow SSH sessions to connect the build server regardless of the dynamic IP address assigned?

enter image description here

d-_-b
  • 153
  • 1
  • 7

1 Answers1

1

You can add host_key_checking = False in you ansible.cfg configuration file (See Ansible Getting Started) or you can add ansible_ssh_common_args='-o StrictHostKeyChecking=no' as properties of your server in the inventory file. For more examples, see this Stack Overflow answer.

Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129
NoNoNo
  • 1,963
  • 14
  • 20