Updating known hosts

Connections will be denied until this new host and its associated key is added to the Known Hosts file.
Key exchange was not finished, connection is closed.
IOException: There was a problem while connecting to [AGENT_HOSTNAME]:22
[04/04/17 ] [SSH] Opening SSH connection to [AGENT_HOSTNAME]:22.

The fingerprint for the RSA key sent by the remote host is aa:bb:cc:dd:ee:ff::::00.
Add correct host key in /home/username/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/username/.ssh/known_hosts:24
Password authentication is disabled to avoid man-in-the-middle attacks.

PLAY [appservers] *************************************************************
GATHERING FACTS ***************************************************************
fatal: [server02product-ref.dev] =
TASK: [common | remove old ansible-tmp-*] *************************************
FATAL: no hosts matched or all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/var/lib/jenkins/site.retry
server01: ok=0 changed=0 unreachable=1 failed=0
server02: ok=0 changed=0 unreachable=1 failed=0
Build step 'Execute shell' marked build as failure
Finished: FAILURE

This error can be resolved if I first go to the source machine (from where I'm running the ansible playbook) and manually ssh to the target machine (as the given user) and enter "yes" for the known_hosts file entry. Now, if I run the same ansible playbook a second time, it works without an error.

[04/04/17 ] [SSH] WARNING: The SSH key for this host does not match the key required in the connection configuration.

At that point I got busy with other things (most notably final preparations for the FreeBSD 9.0-RELEASE announcement) but on Sunday evening I sat down and wrote a much-needed shell script: the script uses ssh-keyscan to download all the host keys for the specified hostname; uses ssh-keygen to compute their fingerprints; compares them to the list of fingerprints provided on the command line; and adds any new host keys to . Of course, this only works if you know which fingerprints to specify on the command line; for newly launched EC2 instances, they're mixed up in other console output.

This new feature is designed to prevent man-in-the-middle attacks, as explained in the Jenkins Security Advisory 2017-03-20. Note: A man-in-the-middle attack happens when a server pretends to be the remote host, sitting between you and the server you intend to connect to.

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
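The fingerprint comparison described above, as an added Python example (not the shell script the text mentions, and not code from the original page): it takes ssh-keyscan-style lines, computes each key's fingerprints, and accepts only keys whose fingerprint was supplied out of band. The function names, the host `agent.example` and both keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprints(key_b64):
    """Return (MD5 colon-hex, OpenSSH-style SHA256) fingerprints of a key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha


def select_trusted(keyscan_output, trusted, known_hosts_text=""):
    """Return (entries_to_append, rejected_entries); nothing is trusted on first use."""
    known = {" ".join(ln.split()[:3]) for ln in known_hosts_text.splitlines()}
    accept, reject = [], []
    for line in keyscan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#"):
            continue  # skip blank lines and comment lines
        entry = " ".join(parts[:3])
        md5, sha = fingerprints(parts[2])
        if md5 not in trusted and sha not in trusted:
            reject.append(entry)  # fingerprint was not supplied out of band
        elif entry not in known:
            accept.append(entry)  # verified and not yet in known_hosts
    return accept, reject


def sample_line(host, raw32):
    # Constructed sample key: the blob is two length-prefixed SSH strings.
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw32))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


GOOD = sample_line("agent.example", bytes(range(32)))      # constructed key
ROGUE = sample_line("agent.example", bytes(range(1, 33)))  # constructed key
SCAN = "# agent.example:22 SSH-2.0-OpenSSH\n" + GOOD + "\n" + ROGUE + "\n"
TRUSTED = {fingerprints(GOOD.split()[2])[1]}  # stands in for the console-output value

if __name__ == "__main__":
    add, bad = select_trusted(SCAN, TRUSTED)
    print("append to known_hosts:", add)
    print("rejected, fingerprint not in trusted list:", bad)
```

A rejected entry is the case the host key warnings above describe: the key offered on the wire does not match a fingerprint you already hold, so it is reported rather than written to known_hosts.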