How do I automate population of known_hosts and authorized_keys?

HOW TO -️ October 18, 2021

This is a question that may be easier answered on askubuntu or, perhaps, serverfault, but it arises in the context of automated provisioning, so I figured that it's more appropriate here.

I am spinning up a multi-machine environment in vagrant, e.g. n+1 ubuntu-18.04 boxes, namely

  • term (short for terminal)
  • node1
  • ...
  • nodeN

They can all resolve each other by the above hostnames. It's necessary, that term can SSH into each of the nodes using its public key.

Manually I can do this with the following script:

ERROR Rendering Code Block

running, e.g., ./ 3. But then I have to type yes (to confirm the fingerprint of the node) and vagrant (the password) three times.

I want to move this procedure to the provisioning of the VMs in the Vagrantfile. So I have two questions:

  • How can this be automated without demanding manual input from myself?
  • When I transfer over from virtual machines to bare metal servers, what best practices should I follow to prevent infosec guys from screaming "man in the middle" at me?


This probably could help you: (running a keyscan on each host to add to your term's known_hosts before doing the ssh-copy-id)