diff --git a/playbooks/tasks/sync-ssh-hostkeys.yml b/playbooks/tasks/sync-ssh-hostkeys.yml
index 01f5986131e4a1095182d27e24be26f8af3a9fe0..f5706ea30afbf549e4d5de71049c7ef0335453c4 100644
--- a/playbooks/tasks/sync-ssh-hostkeys.yml
+++ b/playbooks/tasks/sync-ssh-hostkeys.yml
@@ -9,6 +9,8 @@
         changed_when: ssh_hostkeys | length > 0
       - name: fetch known_hosts
         shell: "set -o pipefail && ssh-keyscan 127.0.0.1 2>/dev/null | sed 's#^127.0.0.1#{{ inventory_hostname }}#' | sort"
+        environment:
+          LC_COLLATE: C # to ensure reproducible ordering
         args:
           executable: /bin/bash # required for repro3.pkgbuild.com which is ubuntu and has dash as default shell
         register: known_hosts