Fix intermittent host key verification failures in ansible tasks#2144
Open
With high fork counts (e.g. 50), multiple SSH processes within a single ansible-playbook run read/write the shared known_hosts file simultaneously, causing race conditions that lead to "Host key verification failed" errors.

AI-assisted: Claude Code
Signed-off-by: Christian Berendt <berendt@osism.tech>
Hey - I've found 1 issue, and left some high level feedback:
- Disabling SSH host key checking globally via `ANSIBLE_HOST_KEY_CHECKING = "False"` is a significant security change; consider making this behavior opt-in (e.g., via a function parameter or config flag) rather than always-on.
- If the goal is to avoid known_hosts race conditions, it may be safer to direct Ansible to use a per-run or per-task dedicated `known_hosts` file instead of disabling host key verification entirely.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Disabling SSH host key checking globally via `ANSIBLE_HOST_KEY_CHECKING = "False"` is a significant security change; consider making this behavior opt-in (e.g., via a function parameter or config flag) rather than always-on.
- If the goal is to avoid known_hosts race conditions, it may be safer to direct Ansible to use a per-run or per-task dedicated `known_hosts` file instead of disabling host key verification entirely.
## Individual Comments
### Comment 1
<location path="osism/tasks/__init__.py" line_range="180-184" />
<code_context>
# This ensures Ansible's Python process flushes stdout immediately
env["PYTHONUNBUFFERED"] = "1"
+ # Disable SSH host key checking to prevent intermittent "Host key verification
+ # failed" errors. With high fork counts (e.g. 50), multiple SSH processes within
+ # a single ansible-playbook run read/write the shared known_hosts file
+ # simultaneously, causing race conditions and file corruption.
+ env["ANSIBLE_HOST_KEY_CHECKING"] = "False"
+
# Use a unique SSH ControlPath directory per task to prevent race conditions
</code_context>
<issue_to_address>
**🚨 issue (security):** Disabling SSH host key checking globally has significant security implications.
Unconditionally setting `ANSIBLE_HOST_KEY_CHECKING` to `False` disables host key pinning for all Ansible SSH connections from this helper, enabling possible MITM and misbinding to the wrong host, particularly in shared environments. Please make this opt‑in (e.g., via a parameter or config flag) with a secure default, or strictly scope the override to known-safe environments where the risk is explicitly accepted.
</issue_to_address>
Comment on lines +180 to +184
| # Disable SSH host key checking to prevent intermittent "Host key verification | ||
| # failed" errors. With high fork counts (e.g. 50), multiple SSH processes within | ||
| # a single ansible-playbook run read/write the shared known_hosts file | ||
| # simultaneously, causing race conditions and file corruption. | ||
| env["ANSIBLE_HOST_KEY_CHECKING"] = "False" |
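Review bot: The comment above `env["ANSIBLE_HOST_KEY_CHECKING"] = "False"` names contention on the shared known_hosts file as the cause, yet the assignment turns host key verification off for every run through this helper instead of removing the sharing. In the file, the line right after this change is `# Use a unique SSH ControlPath directory per task to prevent race conditions`; the same per-task directory approach could hold a dedicated known_hosts file, which takes away the shared file and keeps verification on. If the override is kept, put it behind a setting that defaults to checking enabled, and have the comment say that verification is disabled and what risk that accepts.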
🚨 issue (security): Disabling SSH host key checking globally has significant security implications.
Unconditionally setting ANSIBLE_HOST_KEY_CHECKING to False disables host key pinning for all Ansible SSH connections from this helper, enabling possible MITM and misbinding to the wrong host, particularly in shared environments. Please make this opt‑in (e.g., via a parameter or config flag) with a secure default, or strictly scope the override to known-safe environments where the risk is explicitly accepted.
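One way to combine the two suggestions from this review, an opt-in flag with a secure default and a dedicated per-run `known_hosts` file, as an added example that is not code from the pull request or the OSISM project. The function name, its parameters, the pinned-file layout and the sample host entry are assumptions; `ANSIBLE_SSH_COMMON_ARGS` and the three ssh options are standard Ansible and OpenSSH settings.

```python
import os
import shlex
import shutil
import tempfile


def build_ansible_env(base_env, pinned_known_hosts, run_dir,
                      insecure_skip_host_key_check=False):
    """Environment for one ansible-playbook run (all names hypothetical)."""
    env = dict(base_env)
    if insecure_skip_host_key_check:
        # Explicit opt-in only: host keys are not verified for this run.
        env["ANSIBLE_HOST_KEY_CHECKING"] = "False"
        return env

    # Private copy of the pinned keys, so no two runs share one file.
    os.makedirs(run_dir, mode=0o700, exist_ok=True)
    run_known_hosts = os.path.join(run_dir, "known_hosts")
    shutil.copyfile(pinned_known_hosts, run_known_hosts)
    os.chmod(run_known_hosts, 0o600)

    # Secure default: verify, and never let ssh write to the file, so the
    # forks of this run only read it concurrently.
    env["ANSIBLE_HOST_KEY_CHECKING"] = "True"
    ssh_opts = shlex.join([
        "-o", f"UserKnownHostsFile={run_known_hosts}",
        "-o", "StrictHostKeyChecking=yes",
        "-o", "UpdateHostKeys=no",
    ])
    inherited = env.get("ANSIBLE_SSH_COMMON_ARGS", "").strip()
    env["ANSIBLE_SSH_COMMON_ARGS"] = f"{inherited} {ssh_opts}".strip()
    return env


def demo():
    """Run both modes against a constructed pinned file in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        pinned = os.path.join(tmp, "pinned_known_hosts")
        with open(pinned, "w") as fh:
            # Constructed sample entry; the key material is a placeholder.
            fh.write("node1.example.test ssh-ed25519 AAAAPLACEHOLDER\n")
        base = {"PYTHONUNBUFFERED": "1", "ANSIBLE_HOST_KEY_CHECKING": "False"}
        run_dir = os.path.join(tmp, "run-0001")
        secure = build_ansible_env(base, pinned, run_dir)
        with open(os.path.join(run_dir, "known_hosts")) as fh:
            copied = fh.read()
        insecure = build_ansible_env(base, pinned, run_dir, True)
        return secure, insecure, copied, run_dir
```

With `StrictHostKeyChecking=yes` a host missing from the pinned file fails the connection instead of being learned, so the pinned file has to be provisioned before the run.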