I have spent years trying to work out how to bypass the fingerprint check when you start an SSH session to a new host. Finally, I have found it… and it’s easy.

Why would you want to? I know the ssh command refuses to do this for security reasons, but if you are monitoring hosts from a list and need to keep that list dynamic, you don't want to have to log in to each new host and set up the keys for the first time. ssh-keyscan to the rescue.

Here is a really simple example of how to use it (you must supply the hostname as the first parameter).

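#!/bin/sh

# Add the host's RSA key to known_hosts if there is no entry for it yet.
# (POSIX sh has no "function" keyword, so the function is declared as name().)
addHost() {
    mkdir -p "$HOME/.ssh"
    touch "$HOME/.ssh/known_hosts"
    chmod 644 "$HOME/.ssh/known_hosts"

    # ssh-keygen -F looks up the exact host name, hashed entries included;
    # a plain grep would also match substrings of other host names.
    if ! ssh-keygen -F "$1" -f "$HOME/.ssh/known_hosts" >/dev/null 2>&1
    then
        echo "Adding $1 to known hosts"
        ssh-keyscan -t rsa "$1" >> "$HOME/.ssh/known_hosts"
    fi
}

if [ "$1" = "" ]
then
    echo "usage: `basename "$0"` <host> [<ssh>]"
    exit 1
fi

addHost "$1"
# "$@" passes every argument through to ssh with its quoting intact.
ssh "$@"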
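
ssh-keyscan records whatever key the network returns, so the script above trusts the first answer it gets. The following is an added example, not part of the original post: it appends a scanned key only when it equals a key distributed out-of-band. The pin file path, its "<host> <type> <base64-key>" layout and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): append a scanned host key only
# when it equals a key pinned out-of-band. PINNED_KEYS, check_scanned_keys and
# add_verified_host are hypothetical names.
PINNED_KEYS="${PINNED_KEYS:-$HOME/.ssh/pinned_host_keys}"  # "<host> <type> <base64-key>" per line

# check_scanned_keys HOST PINFILE   (ssh-keyscan output on stdin)
# Prints scanned lines that match a pinned entry. Returns 0 if at least one key
# matched and none conflicted, 1 if nothing pinned matched, 2 on a key mismatch.
check_scanned_keys() {
    awk -v host="$1" -v pinfile="$2" '
        BEGIN {
            while ((getline line < pinfile) > 0) {
                n = split(line, f, " ")
                if (n >= 3 && line !~ /^#/) pin[f[1] " " f[2]] = f[3]
            }
        }
        /^#/ || NF < 3 || $1 != host { next }   # skip banners and other hosts
        {
            k = $1 " " $2
            if (!(k in pin)) next               # key type not pinned: never trusted
            if (pin[k] == $3) { print $1, $2, $3; ok++ } else bad++
        }
        END { if (bad) exit 2; if (!ok) exit 1; exit 0 }
    '
}

# add_verified_host HOST: scan, verify, and only then update known_hosts.
add_verified_host() {
    scanned=$(ssh-keyscan -T 5 "$1" 2>/dev/null) || return 3
    verified=$(printf '%s\n' "$scanned" | check_scanned_keys "$1" "$PINNED_KEYS") || return $?
    mkdir -p "$HOME/.ssh"
    printf '%s\n' "$verified" >> "$HOME/.ssh/known_hosts"
}
```

A return value of 2 means the host presented a different key from the pinned one, which is worth alerting on rather than retrying.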