diff --git a/ansible/inventory/group_vars/all/switches/keyscan b/ansible/inventory/group_vars/all/switches/keyscan
new file mode 100644
index 000000000..4fcdd1f5c
--- /dev/null
+++ b/ansible/inventory/group_vars/all/switches/keyscan
@@ -0,0 +1,5 @@
+---
+# Whether to skip scanning SSH keys for switches. In some cases scanning SSH
+# keys may fail e.g. due to unsupported key exchange algorithms on older
+# devices. Default is false.
+switch_skip_keyscan: false
diff --git a/ansible/physical-network.yml b/ansible/physical-network.yml
index c00eb6422..f3bfaf00f 100644
--- a/ansible/physical-network.yml
+++ b/ansible/physical-network.yml
@@ -117,6 +117,7 @@ default(100) }} roles: - role: ssh-known-host
+ when: not switch_skip_keyscan | bool
 - role: arista-switch arista_switch_type: "{{ switch_type }}"
@@ -133,6 +134,7 @@ default(100) }} roles: - role: ssh-known-host
+ when: not switch_skip_keyscan | bool
 - role: dell-switch dell_switch_type: "{{ switch_type }}"
@@ -150,6 +152,7 @@ default(100) }} roles: - role: ssh-known-host
+ when: not switch_skip_keyscan | bool
 - role: stackhpc.network.dell_powerconnect_switch dell_powerconnect_switch_type: "{{ switch_type }}"
@@ -166,6 +169,7 @@ default(100) }} roles: - role: ssh-known-host
+ when: not switch_skip_keyscan | bool
 - role: junos-switch junos_switch_type: "{{ switch_type }}"
@@ -183,6 +187,7 @@ default(100) }} roles: - role: ssh-known-host
+ when: not switch_skip_keyscan | bool
 - role: stackhpc.network.mellanox_switch mellanox_switch_type: "{{ switch_type }}"
@@ -199,6 +204,7 @@ default(100) }} roles: - role: ssh-known-host
+ when: not switch_skip_keyscan | bool
 - role: nclu-switch nclu_switch_config: "{{ switch_config }}"
@@ -209,6 +215,7 @@ gather_facts: no roles: - role: ssh-known-host
+ when: not switch_skip_keyscan | bool
 - role: nvue-switch nvue_switch_config: "{{ switch_config }}"
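Review bot: The comment on `switch_skip_keyscan` explains why the scan may fail but not what skipping it costs. With the `ssh-known-host` role skipped, nothing records the switch's host key, so the connection to the device is only authenticated if a verified key has been placed in the control host's known hosts file by hand. I would add to the comment: `# When true, the switch's host key must be added to known_hosts manually, after checking its fingerprint out of band.` It is also worth saying in the comment that this is meant to be set per device (host or group vars) rather than globally, so that switches which can still be scanned keep being scanned.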
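Review bot: When `switch_skip_keyscan` is true, each of the seven plays (hunks at new lines 117, 134, 152, 169, 187, 204 and 215) goes straight on to the switch role with no check that a known hosts entry for the device actually exists. What happens next depends on the control host's SSH host key checking setting, which is not visible here; if checking is relaxed there, the switch would be configured over a connection whose peer was never verified. Consider a guard that runs only when the scan is skipped and fails the host early if no known hosts entry is found, so that a forgotten manual step shows up as a clear error rather than a silent downgrade. As a readability point, `when: not (switch_skip_keyscan | bool)` makes the filter precedence explicit. The plays start and end outside these hunks.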
diff --git a/doc/source/configuration/reference/physical-network.rst b/doc/source/configuration/reference/physical-network.rst
index b9146f771..e0e69cc18 100644
--- a/doc/source/configuration/reference/physical-network.rst
+++ b/doc/source/configuration/reference/physical-network.rst
@@ -181,6 +181,15 @@ example: description: compute0 config: "{{ switch_interface_config_compute }}"
+Support for Older Devices
+=========================
+
+Some network devices may use SSH key exchange algorithms that are no longer
+supported by the Ansible control host. This will cause ``ssh-keyscan`` to fail,
+preventing Kayobe from configuring the devices. To work around this, set
+``switch_skip_keyscan`` to ``true`` for the affected devices. The SSH known
+hosts file on the Ansible control host will need to be populated manually.
+
 .. _physical-network-device-specific: Device-specific Configuration Variables
diff --git a/releasenotes/notes/switch-skip-keyscan-23b1f5006f443323.yaml b/releasenotes/notes/switch-skip-keyscan-23b1f5006f443323.yaml
new file mode 100644
index 000000000..60a434bc8
--- /dev/null
+++ b/releasenotes/notes/switch-skip-keyscan-23b1f5006f443323.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Adds support for skipping SSH keyscan when configuring switches using
+ ``kayobe physical network configure`` using a ``switch_skip_keyscan``
+ variable.