How do I automate population of known_hosts and authorized_keys?

HOW TO - October 18, 2021

This is a question that may be easier answered on askubuntu or, perhaps, serverfault, but it arises in the context of automated provisioning, so I figured that it's more appropriate here.

I am spinning up a multi-machine environment in vagrant, e.g. n+1 ubuntu-18.04 boxes, namely

  • term (short for terminal)
  • node1
  • ...
  • nodeN

They can all resolve each other by the above hostnames. It's necessary that term can SSH into each of the nodes using its public key.

Manually I can do this with the following script:

(The copyid.sh script did not render on this page.)

running, e.g., ./copyid.sh 3. But then I have to type yes (to confirm the fingerprint of the node) and vagrant (the password) three times.

I want to move this procedure to the provisioning of the VMs in the Vagrantfile. So I have two questions:

  • How can this be automated without demanding manual input from myself?
  • When I transfer over from virtual machines to bare metal servers, what best practices should I follow to prevent infosec guys from screaming "man in the middle" at me?

Answer

This probably could help you: https://unix.stackexchange.com/questions/126908/get-ssh-server-key-fingerprint (running a keyscan on each host to add to your term's known_hosts before doing the ssh-copy-id)
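The following provisioning script is an added example for this thread; it is neither the asker's copyid.sh nor part of the answer above. It assumes things the question does not state: that term's keypair was generated on the Vagrant host as term_id_ed25519 and term_id_ed25519.pub in the project directory (so every box sees it under the /vagrant synced folder), and that node1..nodeN resolve from term. The two helper functions work on plain files so they can be exercised offline; the sample keyscan lines used to try them are constructed, not real host keys. The same flow answers the second question: ssh-keyscan pins whatever answers the hostname at scan time, so on bare metal the fingerprints it prints have to be compared against values obtained out of band (console, inventory, provisioning system) before the known_hosts file is trusted, and a host whose key has changed must not be silently re-pinned.

```shell
#!/bin/sh
# Added example, not the original poster's copyid.sh and not part of the answer.
# Assumptions (not in the original thread): /vagrant is the shared synced folder,
# term_id_ed25519 and term_id_ed25519.pub were generated on the host into the
# project directory, and node1..nodeN resolve from term.
set -eu

# Merge ssh-keyscan output ("host keytype base64key" lines) into a known_hosts
# file. Prints how many entries were added. If a host already has a *different*
# key of the same type, that is reported and the function fails instead of
# quietly pinning a second key that ssh would also accept.
pin_known_hosts() {
    scan="$1"; known="$2"; added=0; conflicts=0
    touch "$known"
    while read -r host type key; do
        case "$host" in ''|'#'*) continue ;; esac   # blank lines and comments
        existing=$(awk -v h="$host" -v t="$type" \
            '$1 == h && $2 == t { print $3; exit }' "$known")
        if [ -z "$existing" ]; then
            printf '%s %s %s\n' "$host" "$type" "$key" >> "$known"
            added=$((added + 1))
        elif [ "$existing" != "$key" ]; then
            echo "host key for $host ($type) changed; refusing to pin it" >&2
            conflicts=$((conflicts + 1))
        fi
    done < "$scan"
    echo "$added"
    [ "$conflicts" -eq 0 ]
}

# Append one public key line to authorized_keys unless it is already there.
# Prints 1 if it was added, 0 if it was already present.
install_authorized_key() {
    pub="$1"; auth="$2"
    mkdir -p "$(dirname "$auth")"
    chmod 700 "$(dirname "$auth")"
    touch "$auth"; chmod 600 "$auth"   # sshd's StrictModes rejects looser modes
    if grep -qxF -- "$pub" "$auth"; then
        echo 0
    else
        printf '%s\n' "$pub" >> "$auth"
        echo 1
    fi
}

# Run on term by the shell provisioner: install the keypair, scan node1..nodeN,
# print the fingerprints for an out-of-band comparison, then pin the keys.
provision_term() {
    n="$1"; ssh_dir="$HOME/.ssh"; scan=$(mktemp)
    mkdir -p "$ssh_dir"; chmod 700 "$ssh_dir"
    install -m 600 /vagrant/term_id_ed25519 "$ssh_dir/id_ed25519"
    cp /vagrant/term_id_ed25519.pub "$ssh_dir/id_ed25519.pub"
    i=1
    while [ "$i" -le "$n" ]; do
        ssh-keyscan -t ed25519 "node$i" >> "$scan" 2>/dev/null
        i=$((i + 1))
    done
    ssh-keygen -lf "$scan"      # fingerprints to check against a trusted source
    pin_known_hosts "$scan" "$ssh_dir/known_hosts"
    rm -f "$scan"
}

# Run on every node by the shell provisioner: trust term's public key.
provision_node() {
    install_authorized_key "$(cat /vagrant/term_id_ed25519.pub)" \
        "$HOME/.ssh/authorized_keys"
}

case "${1:-}" in
    term) provision_term "${2:-1}" ;;
    node) provision_node ;;
esac
```

Wired into the Vagrantfile as `config.vm.provision "shell", path: "provision.sh", args: ["node"], privileged: false` on each node and `args: ["term", "3"]` on term (term must be provisioned last so the nodes' sshd is already up), neither the fingerprint prompt nor the password prompt appears, because the key is delivered through the synced folder rather than over a password-authenticated ssh-copy-id. The function deliberately does not use `StrictHostKeyChecking=no`, which would defeat the purpose of known_hosts entirely.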
