SSH connection error with Vagrant x Ansible (WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!)

When I ran a playbook with Vagrant 2.2.6 x Ansible 2.9.3, the SSH connection was rejected. Recent versions of Vagrant apparently replace the key, and that seemed to be the cause.

Details: How to deal with SSH connection errors in Vagrant 1.7+

The following two steps resolved it.

1. Add the key path to the hosts file
ansible_ssh_private_key_file=.vagrant/machines/default/virtualbox/private_key ansible_ssh_user=vagrant

[hosts]

[vagrantservers]
192.168.33.10 ansible_ssh_private_key_file=.vagrant/machines/default/virtualbox/private_key ansible_ssh_user=vagrant

2. Regenerate the key (remove the stale host key entry from known_hosts)
$ ssh-keygen -R <target IP>

$ ssh-keygen -R 192.168.33.10
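
Added example (not part of the original post): before removing the entry and answering `yes` to the new fingerprint, this Python code parses the warning from the failed run and compares the presented fingerprint with one computed from a public key line obtained from the VM over a channel you trust. The function names are hypothetical, the sample key line is constructed, and the warning text is an excerpt of the output in the command history.

```python
import base64
import hashlib
import re

# Excerpt of the warning from the failed run in this page's command history.
WARNING = """\
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
The fingerprint for the ECDSA key sent by the remote host is
SHA256:7VylyuI+cDZoFK8e16G93SKbEeRWEdVfWSpxyZylnHA.
Offending ECDSA key in /Users/user/.ssh/known_hosts:19
ECDSA host key for 192.168.33.10 has changed and you have requested strict checking.
"""

# Constructed sample: an all-zero ssh-ed25519 key blob, standing in for the
# public key line you would copy from the VM over a trusted channel.
_blob = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(32)
SAMPLE_KEY_LINE = "192.168.33.10 ssh-ed25519 " + base64.b64encode(_blob).decode()


def parse_host_key_warning(text):
    """Return host, key type, presented fingerprint and the stale known_hosts entry."""
    fp = re.search(r"fingerprint for the (\w+) key sent by the remote host is\s+"
                   r"(SHA256:[A-Za-z0-9+/]+)", text)
    off = re.search(r"Offending \w+ key in (\S+):(\d+)", text)
    host = re.search(r"host key for (\S+) has changed", text)
    if not (fp and off and host):
        return None  # not a host-key-changed warning
    return {"host": host.group(1), "key_type": fp.group(1),
            "fingerprint": fp.group(2),
            "known_hosts": off.group(1), "line": int(off.group(2))}


def fingerprint(pubkey_line):
    """SHA256 fingerprint, in OpenSSH's format, of '[host] keytype base64 [comment]'."""
    fields = pubkey_line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-")):  # key type precedes the blob
            blob = base64.b64decode(fields[i + 1], validate=True)
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no public key found in line")


def safe_to_replace(warning_text, trusted_pubkey_line):
    """True only if the key the host presented is the key you expected."""
    info = parse_host_key_warning(warning_text)
    return info is not None and info["fingerprint"] == fingerprint(trusted_pubkey_line)
```

With the constructed key, `safe_to_replace(WARNING, SAMPLE_KEY_LINE)` returns `False`, because the fingerprints differ; only a match justifies running `ssh-keygen -R` and accepting the new key.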

(Reference) Command history

Everything below was run on the Mac (I did not log in to the VM created with Vagrant).

$ vagrant up
$ ansible-playbook -i hosts site.yml --check

PLAYBOOK: site.yml **********************************************************************************************************
1 plays in site.yml

PLAY [Setup Ruby] ***********************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************
task path: /Users/user/Documents/Programming/Servers/vagrant-ansible-ror/site.yml:2
<192.168.33.10> ESTABLISH SSH CONNECTION FOR USER: vagrant
<192.168.33.10> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile=".vagrant/machines/default/virtualbox/private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="vagrant"' -o ConnectTimeout=10 -o ControlPath=/Users/user/.ansible/cp/d986014952 192.168.33.10 '/bin/sh -c '"'"'echo ~vagrant && sleep 0'"'"''
<192.168.33.10> (255, b'', b'@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ECDSA key sent by the remote host is\nSHA256:7VylyuI+cDZoFK8e16G93SKbEeRWEdVfWSpxyZylnHA.\r\nPlease contact your system administrator.\r\nAdd correct host key in /Users/user/.ssh/known_hosts to get rid of this message.\r\nOffending ECDSA key in /Users/user/.ssh/known_hosts:19\r\nECDSA host key for 192.168.33.10 has changed and you have requested strict checking.\r\nHost key verification failed.\r\n')
fatal: [192.168.33.10]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ECDSA key sent by the remote host is\nSHA256:7VylyuI+cDZoFK8e16G93SKbEeRWEdVfWSpxyZylnHA.\r\nPlease contact your system administrator.\r\nAdd correct host key in /Users/user/.ssh/known_hosts to get rid of this message.\r\nOffending ECDSA key in /Users/user/.ssh/known_hosts:19\r\nECDSA host key for 192.168.33.10 has changed and you have requested strict checking.\r\nHost key verification failed.",
    "unreachable": true
}

PLAY RECAP ******************************************************************************************************************
192.168.33.10              : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0



$ ll .vagrant/machines/default/virtualbox/
total 72
-rw-r--r--  1 user  staff    40B  2 18 00:08 action_provision
-rw-r--r--  1 user  staff    10B  2 18 00:41 action_set_name
-rw-r--r--  1 user  staff   122B  2 18 00:08 box_meta
-rw-r--r--  1 user  staff     3B  2 18 00:08 creator_uid
-rw-r--r--  1 user  staff    36B  2 18 00:08 id
-rw-r--r--  1 user  staff    32B  2 18 00:08 index_uuid
-rw-------  1 user  staff   1.6K  2 18 00:08 private_key
-rw-r--r--  1 user  staff   213B  2 18 00:42 synced_folders
-rw-r--r--  1 user  staff    63B  2 18 00:07 vagrant_cwd



$ ssh-keygen -R 192.168.33.10
# Host 192.168.33.10 found: line 19
/Users/user/.ssh/known_hosts updated.
Original contents retained as /Users/user/.ssh/known_hosts.old



$ vi hosts
$ cat hosts

[vagrantservers]
192.168.33.10 ansible_ssh_private_key_file=.vagrant/machines/default/virtualbox/private_key ansible_ssh_user=vagrant



$ ansible-playbook -i hosts site.yml --check

PLAYBOOK: site.yml **********************************************************************************************************
1 plays in site.yml

・・・

TASK [Gathering Facts] ****************************************************************************************************
The authenticity of host '192.168.33.10 (192.168.33.10)' can't be established.
ECDSA key fingerprint is SHA256:gVJMtxLjJDeWgKELM067s/AzdP3KO+Zwkigy9HuLfSQ.
Are you sure you want to continue connecting (yes/no)? yes

・・・

PLAY RECAP ******************************************************************************************************************
192.168.33.10              : ok=6    changed=0    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0
