16

I am creating a bash script to provision a new server that I can deploy a web application to. One thing I always have to do is add GitHub as a known host using ssh git@github.com. How can I automate this process in a bash script, and do it in an idempotent way?

Andrew
  • 3,593

3 Answers

20

The simple way to go would be to do something like this.

ssh-keyscan remote_server >>~/.ssh/known_hosts

If this box is brand new you might also need to create the ~/.ssh directory before you run ssh-keyscan.

Keep in mind that ssh-keyscan can take an arbitrary number of hostnames. It will get all the keys it can.

SYN
  • 1,812
Zoredache
  • 133,737
5

Are you trying to automate accepting the new key? If so, you could use -oStrictHostKeyChecking=no.
Doing so is a very bad idea as you're now completely wide open to man-in-the-middle attacks.

A better option would be just to manage a known_hosts file and reuse that file when you provision new servers. Stick it on github and write a simple script to download that file before sshing into github.

The strict host key checking is a good thing.
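
Combining the first two answers, as an added example that is not part of the original posts: the host key is pinned in the provisioning script and ssh-keyscan output is used only as a cross-check, so a re-run is a no-op and a key that differs from the pin aborts. The function name `ensure_known_host` and the `<PINNED_KEY>` placeholder are assumptions, and unhashed known_hosts entries are assumed.

```shell
#!/usr/bin/env bash
# ensure_known_host KNOWN_HOSTS HOST KEYTYPE KEY [SCANNED]   (hypothetical helper)
#   KEYTYPE/KEY : pinned public key, obtained out of band and stored with
#                 the provisioning script
#   SCANNED     : optional `ssh-keyscan HOST` output to cross-check
# Prints "added", "present" or "mismatch"; returns non-zero on mismatch.
# Assumes unhashed entries (no HashKnownHosts, no `ssh-keyscan -H`).
ensure_known_host() {
    local file=$1 host=$2 type=$3 key=$4 scanned=${5-}
    local entry="$host $type $key"

    # The network's answer must contain exactly the pinned key. A different
    # key is treated as a possible man-in-the-middle, and nothing is written.
    if [ -n "$scanned" ] && ! printf '%s\n' "$scanned" | grep -qxF -- "$entry"; then
        echo mismatch
        return 2
    fi

    # A brand new box may not have ~/.ssh yet.
    mkdir -p -m 700 "$(dirname "$file")"
    touch "$file"

    # Idempotence: an identical line already on file means nothing to do.
    if grep -qxF -- "$entry" "$file"; then
        echo present
        return 0
    fi

    # Same host and key type already recorded with another key: refuse to
    # append a second, conflicting entry.
    if awk -v h="$host" -v t="$type" '$1==h && $2==t {f=1} END {exit !f}' "$file"; then
        echo mismatch
        return 2
    fi

    printf '%s\n' "$entry" >> "$file"
    echo added
}

# Usage in a provisioning script (replace the placeholder with the pinned key):
#   ensure_known_host ~/.ssh/known_hosts github.com ssh-ed25519 "<PINNED_KEY>" \
#       "$(ssh-keyscan -t ed25519 github.com 2>/dev/null)" || exit 1
```
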

1

I'm not sure I understand the question, but I think you want to ignore the known_host prompt or avoid it entirely, in which case:

ssh -o StrictHostKeyChecking=no

or other suggestions at: http://www.joedog.org/2012/07/ssh-disable-known_hosts-prompt/

Sirex
  • 5,585