Extracting or setting SSH host keys for deployed machines?

I was looking for a cool way to do automatic SSH host key verification to construct my known_hosts file after building many hosts with MAAS.

Does MAAS provide a way to extract the SSH host key from a deployed machine?

Alternatively, could MAAS set this key before/while the machine is being deployed?


SSH keys for the user that performed the deployment are automatically added to authorized_keys for the ubuntu user on the deployed machine.

Hi @roota

Thanks for the response. Sorry for not being clear enough, but I’m not looking for a way to add user SSH keys to a new host. I’m looking for a way to verify the host key of a new host through MAAS.

For example, when connecting to this newly created host, I’m prompted to verify the host key for that server:

PS C:\Users\col592> ssh ceph-data-t-mon-01
The authenticity of host 'ceph-data-t-mon-01 (<no hostip for proxy command>)' can't be established.
ED25519 key fingerprint is SHA256:9jaIc0YSMIuYXjuIAAWt5kF9evJyp0Nl5Dcd5tV0LIQ.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

It would be nice to have an automated way to collect this host key fingerprint through MAAS, so that I can automatically verify many hosts that have just been created by MAAS. At the moment I’m just blindly accepting them, which isn’t ideal.

Got it now. MAAS does not have such a feature out of the box, but I think you can achieve it with the tools that it provides.

The only way to achieve what you are looking for is to log in to the machine with a method you trust and extract the fingerprint. You can run cloud-init scripts on the deployed machines because MAAS will store them when the OS is installed, so you can extract and forward the fingerprint to a place you trust.
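
The collector side of the approach described in the reply above, as an added example that is not part of the original thread or of MAAS. It assumes a cloud-init script on each deployed machine has forwarded the contents of /etc/ssh/ssh_host_ed25519_key.pub over a channel you trust; the function names are hypothetical and the sample key is constructed. It checks each received line, computes the fingerprint in the form the ssh prompt prints, and builds the known_hosts entry.

```python
import base64
import hashlib
import struct

def _blob_key_type(blob: bytes) -> str:
    """Return the algorithm name stored at the start of an SSH key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")

def parse_pubkey(line: str):
    """Parse '<type> <base64> [comment]' and return (type, base64, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    # Reject lines whose declared type disagrees with the type inside the blob.
    if _blob_key_type(blob) != key_type:
        raise ValueError("declared key type does not match key blob")
    return key_type, b64, blob

def fingerprint(line: str) -> str:
    """SHA256 fingerprint as ssh shows it: unpadded base64 of sha256(blob)."""
    _, _, blob = parse_pubkey(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def known_hosts_entry(names, line: str) -> str:
    """Build one known_hosts line for the given host names/addresses."""
    key_type, b64, _ = parse_pubkey(line)
    return f"{','.join(names)} {key_type} {b64}"

def sample_ed25519_line() -> str:
    """Constructed sample public key line (not a real host's key)."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@sample-host"

if __name__ == "__main__":
    line = sample_ed25519_line()
    print(fingerprint(line))
    print(known_hosts_entry(["sample-host", "192.0.2.10"], line))
```

Appending the generated entries to known_hosts before the first connection means ssh never asks the yes/no question; a host whose key differs from the collected one fails the check instead of being accepted blindly.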