
I have two VMs.

  • VM-instance-1
  • VM-instance-2

These two connect to each other over ssh back and forth for some automated tasks using user1.

The issue is that these two get reprovisioned momentarily, and after that we have to manually authenticate the fingerprint for ssh to work.

I tried adding id_rsa.pub for each of them to the other's known_hosts and persisting the known_hosts file to replace the new ones after reprovisioning.

However, the issue is that every time, while reprovisioning, when the new ssh-keygen is done it generates new keys, hence the persisted known_hosts is useless.

What can be done for these hosts to remember each other’s and their own fingerprints so we don’t need to manually authenticate the fingerprint every time?

  • When you talk about accepting fingerprints, do you mean for the SSH host keys? id_rsa.pub is the user's public key, not the host key. – muru Dec 13 '22 at 02:12
  • @muru Yes, then I may be confusing it, but I am referring to host keys, the prompt you get when you try to ssh for the first time. – Nullpointer Dec 13 '22 at 02:42
  • You can use StrictHostKeyChecking=accept-new for that (see https://unix.stackexchange.com/a/33273/70524). But depending on how you're provisioning the systems, you could also just set the SSH host keys yourself. – muru Dec 13 '22 at 03:54
  • @muru Unfortunately, since StrictHostKeyChecking=accept-new will disable fingerprint checking for all machines, I can't do it with that. So how can I set the (same) host keys myself and configure the other machine to remember those? – Nullpointer Dec 13 '22 at 07:06
  • That depends on how you're provisioning these. If using cloud-init, there's https://cloudinit.readthedocs.io/en/latest/topics/modules.html#host-keys – muru Dec 13 '22 at 07:29
  • ssh-keyscan can collect host keys. – meuh Dec 13 '22 at 10:03
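
One way to do what the comments suggest (set the host keys yourself and fill known_hosts from the host public key rather than id_rsa.pub), as an added example that is not part of the original thread. The directory `/persist/ssh`, the peer key path and all function names are assumptions.

```shell
#!/bin/sh
# Added example: stable SSH *host* keys plus a pinned known_hosts entry.
# Paths, host names and function names are assumptions.
# Typical use on each VM, as root, from a provisioning hook:
#   ensure_host_key /persist/ssh && restore_host_key /persist/ssh /etc/ssh
#   pin_peer vm-instance-2 /persist/peer/ssh_host_ed25519_key.pub \
#            /etc/ssh/ssh_known_hosts

# Generate the host key once, in storage that survives reprovisioning.
ensure_host_key() {
    store=$1
    [ -f "$store/ssh_host_ed25519_key" ] && return 0
    mkdir -p "$store" && chmod 700 "$store" || return 1
    ssh-keygen -q -t ed25519 -N '' -C '' -f "$store/ssh_host_ed25519_key"
}

# After reprovisioning, copy the persisted pair to where sshd reads it
# (normally /etc/ssh); sshd must be restarted afterwards.
restore_host_key() {
    store=$1; etc=$2
    ( umask 077; cp "$store/ssh_host_ed25519_key" "$etc/" ) || return 1
    chmod 600 "$etc/ssh_host_ed25519_key" || return 1
    cp "$store/ssh_host_ed25519_key.pub" "$etc/" &&
        chmod 644 "$etc/ssh_host_ed25519_key.pub"
}

# Build a known_hosts line from a host .pub file
# (.pub format: "<keytype> <base64> [comment]"; the comment is dropped).
known_hosts_line() {
    names=$1; pub=$2
    awk -v n="$names" 'NF >= 2 { print n, $1, $2; exit }' "$pub"
}

# Replace any stale entry for these names with the pinned key.
pin_peer() {
    names=$1; pub=$2; kh=$3
    line=$(known_hosts_line "$names" "$pub") || return 1
    [ -n "$line" ] || return 1        # refuse an empty or malformed .pub
    touch "$kh"
    tmp=$(mktemp) || return 1
    awk -v n="$names" '$1 != n' "$kh" > "$tmp"   # keep other hosts
    printf '%s\n' "$line" >> "$tmp"
    cat "$tmp" > "$kh"
    rm -f "$tmp"
}
```

With the peer pinned this way, the client can run with `StrictHostKeyChecking=yes` and still never prompt; how each VM's `.pub` file reaches the other one (shared persistent storage here) is an assumption.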

0 Answers