diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml
index 798103fe43..15aafd2c38 100644
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@@ -1,4 +1,30 @@
 ---
+#
+# We have some tasks here in case this is a bare metal machine
+# and we are provisioning it for the first time.
+# virtual machines are handled in tasks/virt-instance-create
+#
+
+- name: make sure there is no old ssh host key for the host still around
+ local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent
+ ignore_errors: True
+ with_items:
+ - /root/.ssh/known_hosts
+ when: birthday is true
+
+- name: gather ssh host key from new instance
+ local_action: command ssh-keyscan -t rsa {{ inventory_hostname }}
+ ignore_errors: True
+ register: hostkey
+ when: birthday is true
+
+- name: add new ssh host key (until we can sign it)
+ local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present
+ ignore_errors: True
+ with_items:
+ - /root/.ssh/known_hosts
+ when: birthday is true
+
 - name: check if sshd port is already known by selinux
 shell: semanage port -l | grep ssh
 register: sshd_selinux_port
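Review bot: The `gather ssh host key from new instance` task trusts whatever `ssh-keyscan` returns over the network, and because it and the following `known_hosts` task both carry `ignore_errors: True`, a failed or empty scan passes silently and `hostkey.stdout` may be empty when it is written to /root/.ssh/known_hosts. I would drop `ignore_errors` on the gather task in favour of `failed_when: hostkey.stdout | length == 0`, and add a comment that the scanned key is unverified (trust on first use) and should be compared with the fingerprint read from the machine's console until host keys are signed. Only an RSA key is collected (`-t rsa`), so a client that negotiates another host key type will not match the pinned entry. `when: birthday is true` is false for a string value such as one passed with `-e birthday=true`; `when: birthday | bool` is presumably what is meant. The task list continues outside the hunk.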