archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Address nuance in key checking docs (#82058)

Browse Source 
* Address nuance in key checking docs

  and add note to ssh plugin to let users know 'final authoritative source'.

* Update lib/ansible/plugins/connection/ssh.py

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
pull/82074/head
Brian Coca 1 year ago committed by GitHub
parent b4920c83ad
commit bf29458726
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File

8
lib/ansible/config/base.yml
Unescape Escape View File

@ -1499,11 +1499,13 @@ GALAXY_REQUIRED_VALID_SIGNATURE_COUNT:
- This should be a positive integer or all to indicate all signatures must successfully validate the collection.
- Prepend + to the value to fail if no valid signatures are found for the collection.
HOST_KEY_CHECKING:
# note: constant not in use by ssh plugin anymore
# NOTE: constant not in use by ssh/paramiko plugins anymore, but they do support the same configuration sources
# TODO: check non ssh connection plugins for use/migration
name: Check host keys
name: Toggle host/key check
default: True
description: 'Set this to "False" if you want to avoid host key checking by the underlying tools Ansible uses to connect to the host'
description:
- Set this to "False" if you want to avoid host key checking by the underlying connection plugin Ansible uses to connect to the host.
- Please read the documentation of the specific connection plugin used for details.
env: [{name: ANSIBLE_HOST_KEY_CHECKING}]
ini:
- {key: host_key_checking, section: defaults}

4
lib/ansible/plugins/connection/ssh.py
Unescape Escape View File

@ -19,6 +19,8 @@ DOCUMENTATION = '''
- connection_pipelining
version_added: historical
notes:
- This plugin is mostly a wrapper to the ``ssh`` CLI utility and the exact behavior of the options depends on this tool.
This means that the documentation provided here is subject to be overridden by the CLI tool itself.
- Many options default to V(None) here but that only means we do not override the SSH tool's defaults and/or configuration.
For example, if you specify the port in this plugin it will override any C(Port) entry in your C(.ssh/config).
- The ssh CLI tool uses return code 255 as a 'connection error', this can conflict with commands/tools that
@ -35,7 +37,7 @@ DOCUMENTATION = '''
- name: delegated_vars['ansible_host']
- name: delegated_vars['ansible_ssh_host']
host_key_checking:
description: Determines if SSH should check host keys.
description: Determines if SSH should reject or not a connection after checking host keys.
default: True
type: boolean
ini:

Write Preview
Loading…
Cancel
Save