Although this appears to be an issue with Ansible, you should be able to work around this issue:
- Manually connect via SSH to the target server.
- You should see a remote host key identification warning, you can use the command proposed in the warning message to get rid of the non-matching, stored host key.
- Manually connect via SSH again to the target server. Accept (let
sshstore) the new host key. - Manually connect a third time via SSH, now the SSH connection should just work.
Trellis/Ansible should now also work, as its SSH connections work correctly now.
The host key changes as Trellis also updates the SSH server configuration for improved security, which causes new host keys to be generated. Those new host keys should be handled automatically (AFAIK), but sometimes it doesn’t.