Updating known hosts
The fingerprint for the RSA key sent by the remote host isaa:bb:cc:dd:ee:ff::::00. Add correct host key in /home/username/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/username/.ssh/known_hosts:24Password authentication is disabled to avoid man-in-the-middle attacks.
Connections will be denied until this new host and its associated key is added to the Known Hosts file.
I found I can do this if I use the following config entries in ~/.ssh/config file. if I place the above code in the user's ~/.ssh/config file of a remote machine and try Ansible playbook for the first time, I won't be prompted for entring "yes" and playbook will run successfully (without requiring the user to manually create a known_hosts file entry from the source machine to the target/remote machine). What security issues I should take care if I go ~/.ssh/config way 2.
One of the more irritating things about working with virtual machines is SSH host keys. Of course, if you don't care about security you could arrange for all your virtual machines to use the same host key, or use the option; but as the Free BSD Security Officer and the author of a secure online backup service neither of those are acceptable as far as I'm concerned.
Find the host key fingerprint in the virtual machine's console logs. Type "yes" and hope that they really were the same and not just mostly the same.
The very first time you log into a new host you will be asked to verify that the system is the one you intended to access.
The remote system will send its host key to your client as part of their handshake and your client will ask you to verify the host key fingerprint before continuing the login process.
This new feature is designed to prevent man-in-the-middle attack as explained in the Jenkins Security Advisory 2017-03-20.