If you’re like me, and you have thousands of systems running ssh, and you want to ssh to all of them, you will get really familiar with the following:
The authenticity of host '10.97.56.242 (10.97.56.242)' can't be established
but keys of different type are already known for this host.
As fun as it may be to type ‘yes’ over and over again for practice, there is a better way:
ssh-keyscan -f ips-to-check.txt -t rsa >> ~/.ssh/known_hosts
Where ips-to-check.txt is a list of all the ips, 1 per line.
Related posts:
#1 by Jeff Schroeder on January 12, 2009 - 4:53 pm
Quote
Or if you use puppet, take a look at this facter plugin:
http://git.black.co.at/?p=module-ssh;a=blob;f=plugins/facter/sshkeys.rb;h=f8df9234a45d81d8e9fe1ac275a45b85067e61d5;hb=9ccdd6ed46031db9001f9b71285455c297f56dfc
Really take a look at this entire git module:
http://git.black.co.at/?p=module-ssh;a=summary
#2 by Chris Kolosiwsky on January 15, 2009 - 5:12 pm
Quote
You could also add the following to your .ssh/config
Host *
StrictHostKeyChecking no
This is a security risk though, so please weigh out the plusses and minuses…