How do I automate population of known_hosts and authorized_keys?


Problem

This is a question that may be easier answered on askubuntu or, perhaps, serverfault, but it arises in the context of automated provisioning, so I figured that it's more appropriate here.

I am spinning up a multi-machine environment in vagrant, e.g. n+1 ubuntu-18.04 boxes, namely

  • term (short for terminal)
  • node1
  • ...
  • nodeN


They can all resolve each other by the above hostnames. It's necessary that term can SSH into each of the nodes using its public key.

Manually I can do this with the following script:

#!/bin/bash

head='node'

ssh-keygen -N '' -f ~/.ssh/id_rsa

for ((i=1; i<=$1; i++)); do
  name=$head
  name+=$i
  ssh-copy-id $name
done


running, e.g., ./copyid.sh 3. But then I have to type yes (to confirm the fingerprint of the node) and vagrant (the password) three times.

I want to move this procedure to the provisioning of the VMs in the Vagrantfile. So I have two questions:

  • How can this be automated without demanding manual input from myself?
  • When I transfer over from virtual machines to bare metal servers, what best practices should I follow to prevent infosec guys from screaming "man in the middle" at me?

Solution

You have to execute ssh-keyscan. For example, to SSH to a host (github.com here), you have to run the script below:

# Add an SSH key to help clone a private GitHub repo

mkdir -p secrets/ssh ~/.ssh
ssh-keygen -t rsa -N "" -f secrets/ssh/github_rsa
PUB_KEY=$(cat secrets/ssh/github_rsa.pub)

# Install the private key with owner-only permissions (overwrites instead of appending)
install -m 600 secrets/ssh/github_rsa ~/.ssh/github_rsa
eval "$(ssh-agent)"
ssh-add ~/.ssh/github_rsa

# Record the host key that github.com presents at scan time (not verified here)
ssh-keyscan github.com >> ~/.ssh/known_hosts
echo IdentityFile ~/.ssh/github_rsa >> ~/.ssh/config

echo "Paste the following public key to your host machine: ${PUB_KEY}"

Context

StackExchange DevOps Q#5391, answer score: 4
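
The ssh-keyscan step above records whatever key the host presents at scan time, so for the bare-metal case in the question the scanned keys can be checked against fingerprints obtained out of band before they are appended to known_hosts. This is an added example, not part of the original question or answer; the function names are hypothetical, the key blobs and pins are constructed placeholders, and it assumes unhashed ssh-keyscan output (no -H).

```python
import base64
import hashlib

# Constructed placeholder blobs (not real host keys); real input is `ssh-keyscan nodeN` output.
GOOD_BLOB = base64.b64encode(b"constructed-host-key-node1").decode()
ROGUE_BLOB = base64.b64encode(b"constructed-key-of-an-impostor").decode()


def fingerprint(blob_b64):
    """SHA256 fingerprint as `ssh-keygen -lf` prints it: unpadded base64 of the digest."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_keyscan(scan_output, pinned):
    """Return the known_hosts lines that are safe to append.

    pinned maps (host, keytype) -> fingerprint obtained out of band (console, image build).
    A pinned pair whose scanned key differs raises ValueError, unpinned key types are
    dropped, and a pinned host that yields no verified key also raises.
    """
    accepted, seen_hosts = [], set()
    for line in scan_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank, comment or malformed line: never trusted
        host, keytype, blob = fields[:3]
        expected = pinned.get((host, keytype))
        if expected is None:
            continue  # key type we hold no pin for: do not add it
        if fingerprint(blob) != expected:
            raise ValueError(f"host key mismatch for {host} ({keytype})")
        accepted.append(f"{host} {keytype} {blob}")
        seen_hosts.add(host)
    missing = {host for host, _ in pinned} - seen_hosts
    if missing:
        raise ValueError(f"no verified key for: {sorted(missing)}")
    return accepted


if __name__ == "__main__":
    pins = {("node1", "ssh-ed25519"): fingerprint(GOOD_BLOB)}  # constructed pin
    scan = f"node1 ssh-rsa {ROGUE_BLOB}\nnode1 ssh-ed25519 {GOOD_BLOB}\n"
    print("\n".join(verify_keyscan(scan, pins)))
```

Only the returned lines should be appended to ~/.ssh/known_hosts; a raised ValueError should stop the provisioning run.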
