Ansible Strict Hostkey Checking Automation

I run Ansible after creating a VM on Proxmox with OpenTofu. After I destroy and recreate a machine, its hostkey changes. I needed to remove the old hostkey from known_hosts to connect to the machine. After removing it, I did not actually want to connect to the machine and manually confirm its hostkey. Instead, I wanted to directly apply the Ansible playbook. However, it would not work because Ansible would fail to connect to the machine and would not present me with an interactive prompt to confirm the hostkey.

Modern OpenSSH provides the solution. Just add the line below to ~/.ssh/config:

StrictHostKeyChecking accept-new

With this setting, ssh automatically adds the hostkeys of hosts it has not seen before to known_hosts, but still refuses to connect to a host whose recorded key has changed.

It’s not ideal from a security standpoint, but my homelab is not a highly secure enterprise where I need to manually verify the key fingerprints.
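One way to narrow the exposure is to scope accept-new to the lab machines instead of setting it globally. The fragment below is an added example, not part of the original post; the host patterns (192.168.50.*, *.lab.example) and the known_hosts_homelab file name are assumptions to replace with your own.

```sshconfig
# ~/.ssh/config
# ssh uses the first value it finds for each option, so the specific
# Host block must come before the catch-all "Host *" block.

# Lab VMs that get destroyed and recreated (patterns are placeholders).
Host 192.168.50.* *.lab.example
    # Trust a key on first contact, but still reject a changed key.
    StrictHostKeyChecking accept-new
    # Keep lab keys in their own file so stale entries are easy to find
    # and never mix with keys of hosts that were verified by hand.
    UserKnownHostsFile ~/.ssh/known_hosts_homelab

# Everything else keeps the OpenSSH default: prompt before trusting.
Host *
    StrictHostKeyChecking ask

# After recreating a VM, drop its old key before running the playbook:
#   ssh-keygen -R <host> -f ~/.ssh/known_hosts_homelab
```

Ansible's default ssh connection plugin invokes the OpenSSH client, so a playbook run against a matching host picks up these settings without an interactive prompt.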