If it comes back blank with a return code of 1, then you don't have it.
If it prints something and the return code is 0, then it's already present.

---
# ansible playbook that adds ssh fingerprints to known_hosts
- hosts: all
  connection: local
  gather_facts: no
  tasks:
    # Assumed template expressions: inventory_hostname, item, keyscan.stdout_lines
    - command: /usr/bin/ssh-keyscan -T 10 {{ inventory_hostname }}
      register: keyscan
    - lineinfile: name=~/.ssh/known_hosts create=yes line={{ item }}
      with_items: '{{ keyscan.stdout_lines }}'

This simply dumps the output of a keyscan, yes.
Now to use that string in a way that prevents asking about a host's authenticity...
The known_hosts file in this case does not use plaintext entries.
How you do this depends on how you're setting up the virtual machines, but reading it off the virtual filesystem, if possible, or even getting the host to print the contents of during configuration may do the trick.
That said, this may not be worthwhile, depending on what sort of environment you're working in and who your anticipated adversaries are.
You certainly wouldn't do anything "automatically".
[email protected] Wallace Yes, for that you need at least the fingerprint or even better the public key, in which case you can add it directly to known_hosts, turning this question moot.
ECDSA key fingerprint is SHA256:H1D3kBF9/t0ynbz2IqfUdVHhL/WROQLGan2ijkfeT0s.
Are you sure you want to continue connecting (yes/no)?
Is there a way that I can bypass this and get the new host to be already known to the client machine, maybe by using a public key that's already baked into the virtual machine image?
I'd really like to avoid having to use Expect or whatever to answer the interactive prompt if I can.
Just remember more comparisons from different computers & networks will usually increase your ability to trust the connection.
, pointing to that file, to ensure that you're connecting to the host you believe you should be connecting to.
[email protected]:~$ ssh-keyscan
# SSH-2.0-conker_1.0.257-ce87fba
app-128 no hostkey alg
# SSH-2.0-conker_1.0.257-ce87fba
app-129 ssh-rsa AAAAB3Nza C1yc2EAAAABIw AAAQEAubi N81e Dcafrg Me Lza FPsw2k Nv Ecq TKl/Vq Lat/Ma B33p Zy0y3r JZtnqw R2q OOvbw KZYKi EO1O6Vq NEBx Kv JJel Cq0d TXWT5pb O2g DXC6h6QDXCa Ho6p OHGPUy YBa GQRGu Sus MEASYi Wun YN0v CAI8Qa Xn WMXNMd FP3j HAJH0e Dsoi Gn LPBl Bp4TNm6r YI74n Mzgz3B9Iik W4WVK dc8KZJZWYj Au ORU3jc1c/NPsk D2ASinf8v3xnf Xeuk U0s J5N6m5E8VLj Ob PEO m N2t/FZTMZLi Fq PWc/ALSqn Mnnhwr Ni2rbfg/rd/Ip L8Le3p SBne8 see FVBo Gqz HM9y Xw==
# SSH-2.0-conker_1.0.257-ce87fba
app-123 no hostkey alg

So, ahead of time, we have a way of asking for a form of identification from the original host.