2023-07-05 11:33:45 +02:00
# Fetching SSH hostkeys without interaction
---- dataentry snipplet ---- snipplet_tags: ssh, ssh-keys
LastUpdate_dt: 2010-07-31 Contributors: Jan Schampera
------------------------------------------------------------------------
Applies at least to `openssh`.
To get the host keys for a server and write them to the `known_hosts` file
(to avoid the yes/no query when the key isn't known), you can do:
```
# Append the RSA host keys of one machine, queried under three names, to known_hosts
ssh-keyscan -t rsa foo foo.example.com 1.2.3.4 >> ~/.ssh/known_hosts
```
This example queries the host keys for the very same machine, but under 3
different "names" (hostname, FQDN, IP) and redirects the output to the
`known_hosts` file.
**Notes:**
- if done blindly, the `known_hosts` file may grow very large. It might
  be wise to check for key existence first
- if multiple keys for the same host exist in `known_hosts`, the first
  one is taken (which might be an old or wrong one)
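
One way to act on both notes, as an added example that is not part of the original snippet: a hypothetical helper `merge_hostkeys` reads `ssh-keyscan` output on stdin, skips entries that are already present, and reports a differing key for a known host instead of appending it, so the change can be verified before the old entry is replaced. It assumes plain (unhashed) `known_hosts` entries; hashed entries and `@` marker lines are ignored when comparing.

```shell
#!/bin/sh
# merge_hostkeys FILE  (hypothetical helper, added example)
# stdin: ssh-keyscan output, one "host keytype base64key" entry per line.
# Usage:
#   ssh-keyscan -t rsa foo foo.example.com 1.2.3.4 | merge_hostkeys ~/.ssh/known_hosts
# Returns 0 when nothing conflicted, 1 when a host/keytype pair is already
# stored with a different key (that entry is reported, not appended).
merge_hostkeys() {
    kh=$1
    rc=0
    [ -e "$kh" ] || : > "$kh"
    new=$(awk -v kh="$kh" '
        BEGIN {
            bad = 0
            # Index the existing file by "host keytype" -> key.
            while ((getline line < kh) > 0) {
                n = split(line, f, " ")
                # Skip comments, @cert-authority/@revoked markers, hashed hosts.
                if (n < 3 || f[1] ~ /^[#@|]/) continue
                m = split(f[1], hosts, ",")
                for (i = 1; i <= m; i++)
                    if (!((hosts[i] " " f[2]) in seen))   # first match wins, as in ssh
                        seen[hosts[i] " " f[2]] = f[3]
            }
            close(kh)
        }
        /^#/ || NF < 3 { next }            # banner comments, malformed lines
        {
            id = $1 " " $2
            if (!(id in seen)) {           # unknown host/keytype: keep it
                seen[id] = $3
                print $1, $2, $3
            } else if (seen[id] != $3) {   # known host, different key
                print "conflict, not added: " id > "/dev/stderr"
                bad = 1
            }                              # identical entry: nothing to do
        }
        END { exit bad }
    ') || rc=$?
    if [ -n "$new" ]; then
        printf '%s\n' "$new" >> "$kh"
    fi
    return "$rc"
}
```

For a file written with `HashKnownHosts`, `ssh-keygen -F host` is the way to test whether a host already has an entry.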