SSH Connection Timed Out after Droplet Rebuild

Posted on June 16, 2025
By lan

Hello everyone, my current problem is:

I wrote an Ansible playbook that rebuilds all droplets inside a specific DigitalOcean project.

As soon as the rebuild of a droplet is done, I always get “SSH connection timed out” errors for tasks on the remote host, making it impossible to run post-rebuild processes needed on the remote host.

However, when I connect via SSH command, I can log in just fine.

The login is only possible via SSH keypair authentication.

Thanks for your help.




Heya, @lan

It sounds like your Ansible playbook is trying to connect too soon after the rebuild, before the Droplet is fully ready for SSH.

Although manual SSH works (after waiting a bit), Ansible likely fails because the host isn’t ready when it tries.

You can add a delay or a wait-for-SSH task in your playbook. Example:

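- name: Wait for SSH to be available
  ansible.builtin.wait_for:
    port: 22
    host: "{{ inventory_hostname }}"
    timeout: 300
  # Probe from the control node; without this the task itself needs SSH to the Droplet
  delegate_to: localhost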

This will pause until the Droplet is ready to accept SSH connections. Let me know if you want help adding this to your playbook.

Regards

Heya,

Why “SSH connection timed out” happens after rebuild

  1. Timing Issue:
    • After the droplet is rebuilt, Ansible tries to connect too early, before sshd is fully running or accepting connections.
  2. SSH Host Key Change:
    • A rebuild means the machine image has changed, so the SSH host key has changed.
    • If the old key is in the Ansible control machine’s ~/.ssh/known_hosts file, SSH will fail with a warning/error, even if you can log in manually (because SSH clients usually give you a prompt, while Ansible does not).

1. Use the wait_for module to pause until SSH is available

Before running any post-rebuild tasks, insert a task like this:

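- name: Wait for SSH to come up
  ansible.builtin.wait_for:
    host: "{{ inventory_hostname }}"
    port: 22
    delay: 10
    timeout: 300
    state: started
  # Run the probe on the control node, since the Droplet is not reachable over SSH yet
  delegate_to: localhost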

This will keep retrying until port 22 is accepting connections.


2. Flush old SSH host keys (or ignore them)

You might be running into SSH fingerprint mismatch errors.

Option A: Automatically remove old key from known_hosts

Insert a task before connecting to the host:

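- name: Remove host from known_hosts to avoid SSH key mismatch
  ansible.builtin.command: ssh-keygen -R {{ inventory_hostname }}
  delegate_to: localhost
  # No run_once here: it would clear the key for the first host only.
  # throttle serializes edits to the shared known_hosts file.
  throttle: 1
  changed_when: false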

Option B: Ignore host key checking entirely (less secure):

Add this to your inventory or playbook:

[all:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'

3. Use a retries + delay mechanism for tasks after rebuild

You can also apply retry logic on tasks likely to fail if SSH isn’t fully ready:

- name: Ensure SSH login works
  ansible.builtin.shell: whoami
  register: result
  retries: 10
  delay: 10
  until: result.rc == 0
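
The steps from the answers above combined into one play that keeps host key checking on, as an added example that is not part of either answer. Assumptions: the group name `rebuilt_droplets` and the `ssh_target` variable are constructed for illustration, the rebuild ran in an earlier play, and the rebuilt image provides an ed25519 host key.

```yaml
# Added example; group name and ssh_target are assumptions, not from the thread.
- name: Reconnect to rebuilt droplets
  hosts: rebuilt_droplets
  gather_facts: false   # fact gathering would open SSH before the wait below
  vars:
    ssh_target: "{{ ansible_host | default(inventory_hostname) }}"
  tasks:
    - name: Wait from the control node until sshd sends its banner
      ansible.builtin.wait_for:
        host: "{{ ssh_target }}"
        port: 22
        search_regex: OpenSSH   # an open port alone does not mean sshd is answering
        delay: 10
        timeout: 300
      delegate_to: localhost

    - name: Drop the pre-rebuild host key
      ansible.builtin.known_hosts:
        name: "{{ ssh_target }}"
        state: absent
      delegate_to: localhost
      throttle: 1   # one writer at a time on the shared known_hosts file

    - name: Record the new host key (trust on first use)
      # ssh-keyscan does not authenticate the key it returns, so this pins
      # whatever answers on port 22 at scan time.
      ansible.builtin.known_hosts:
        name: "{{ ssh_target }}"
        key: "{{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ed25519 ' ~ (ssh_target | quote)) }}"
        state: present
      delegate_to: localhost
      throttle: 1

    - name: Confirm Ansible can log in with host key checking still enabled
      ansible.builtin.wait_for_connection:
        delay: 5
        timeout: 300

    - name: Gather facts now that the connection works
      ansible.builtin.setup:
```

Post-rebuild tasks go after the last task; unlike Option B, later runs against the same droplet still fail if its host key changes unexpectedly.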
