diff --git a/examples/ansible.cfg b/examples/ansible.cfg
index 0e9e91de14a..c76447dbb9b 100644
--- a/examples/ansible.cfg
+++ b/examples/ansible.cfg
@@ -90,7 +90,11 @@ filter_plugins = /usr/share/ansible_plugins/filter_plugins
 [paramiko_connection]
-# nothing configurable yet
+# uncomment this line to cause the paramiko connection plugin to not record new host
+# keys encountered. Increases performance. Setting works independently of the
+# host key checking setting above.
+
+#record_host_keys=False
 [ssh_connection]
diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py
index c729272c14c..0d1e27c9cc5 100644
--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@@ -127,7 +127,8 @@ DEFAULT_LOG_PATH = shell_expand_path(get_config(p, DEFAULTS, 'log_
 ANSIBLE_NOCOWS = get_config(p, DEFAULTS, 'nocows', 'ANSIBLE_NOCOWS', None)
 ANSIBLE_SSH_ARGS = get_config(p, 'ssh_connection', 'ssh_args', 'ANSIBLE_SSH_ARGS', None)
-ZEROMQ_PORT = int(get_config(p, 'fireball', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))
+PARAMIKO_RECORD_HOST_KEYS = get_config(p, 'paramiko_connection', 'record_host_keys', 'ANSIBLE_PARAMIKO_RECORD_HOST_KEYS', True, boolean=True)
+ZEROMQ_PORT = int(get_config(p, 'fireball_connection', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))
 DEFAULT_UNDEFINED_VAR_BEHAVIOR = get_config(p, DEFAULTS, 'error_on_undefined_vars', 'ANSIBLE_ERROR_ON_UNDEFINED_VARS', False, boolean=True)
 HOST_KEY_CHECKING = get_config(p, DEFAULTS, 'host_key_checking', 'ANSIBLE_HOST_KEY_CHECKING', True, boolean=True)
diff --git a/lib/ansible/runner/connection_plugins/paramiko_ssh.py b/lib/ansible/runner/connection_plugins/paramiko_ssh.py
index 016a67495ae..84a57c194da 100644
--- a/lib/ansible/runner/connection_plugins/paramiko_ssh.py
+++ b/lib/ansible/runner/connection_plugins/paramiko_ssh.py
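Review bot: The new comment under `[paramiko_connection]` in examples/ansible.cfg presents `record_host_keys=False` only as a performance gain and leaves out what is given up. With the setting off, the paramiko_ssh.py hunk in this commit skips the known_hosts write, so a host key accepted during a run is not persisted and a later key change for that host has nothing stored to be compared against. I would add a line such as `# note: keys accepted during a run are then not saved to known_hosts, so they are not pinned for later runs`.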
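Review bot: The `ZEROMQ_PORT` line in lib/ansible/constants.py changes the config section from `'fireball'` to `'fireball_connection'`, which is unrelated to the host-key setting this commit introduces and is not backward compatible. An existing ansible.cfg that sets `zeromq_port` under `[fireball]` would presumably stop being read and fall back to 5099 without any warning; only the `ANSIBLE_ZEROMQ_PORT` environment variable keeps working unchanged. I would either keep `'fireball'` here and rename the section in a separate, documented change, or read the old section as a fallback. A short comment on the new constant would also help, e.g. `# when False, paramiko_ssh does not write newly seen host keys to known_hosts`.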
@@ -303,9 +303,14 @@ class Connection(object):
 if self.sftp is not None:
 self.sftp.close()
- if self._any_keys_added():
+ if C.PARAMIKO_RECORD_HOST_KEYS and self._any_keys_added():
+ # add any new SSH host keys -- warning -- this could be slow
 lockfile = self.keyfile.replace("known_hosts",".known_hosts.lock")
+ dirname = os.path.dirname(self.keyfile)
+ if not os.path.exists(dirname):
+ os.makedirs(dirname)
+
 KEY_LOCK = open(lockfile, 'w')
 fcntl.lockf(KEY_LOCK, fcntl.LOCK_EX)
 try:
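Review bot: The added `os.path.exists(dirname)` / `os.makedirs(dirname)` pair runs before the lock is taken and creates the directory with the default mode. Two processes closing connections at the same time can both pass the existence check, and the slower one then fails with OSError; a newly created directory for known_hosts (typically ~/.ssh) also gets umask-dependent permissions rather than 0700. I would create it with an explicit mode and tolerate the already-exists case, as below; `errno` has to be imported in the module if it is not already. The enclosing method starts above the hunk and the `try:` block continues past it.

```python
lockfile = self.keyfile.replace("known_hosts",".known_hosts.lock")
dirname = os.path.dirname(self.keyfile)
try:
    # keep the key directory private; another process may create it first
    os.makedirs(dirname, 0o700)
except OSError as e:
    if e.errno != errno.EEXIST:
        raise
# … unchanged: KEY_LOCK open and fcntl.lockf …
```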