Automate adding host and IP to known hosts

0

I wanted to get rid of some warnings I'm getting when running an automated build environment (Scrutinizer-CI, to be precise).

Digging here, I've found this solution I can add to the script which prepares the container:

ssh-keyscan -H -p 1234 domain.tld >> ~/.ssh/known_hosts

It looks like this is not the best way to do so. Not sure if that's a matter of security or what, but the warning about the host is gone.

The problem is that I'm still getting a warning for the IP to which the domain resolves.

I guess that this would solve the problem: ssh-keyscan -H -p 1234 123.231.321.213 >> ~/.ssh/known_hosts

But what if I don't know the IP, or if the host does not always resolve to the same IP?

Is there some command/script I could write to resolve the IP and pass it to the above script?

Andrea Sciamanna

Posted 2017-02-03T17:36:16.797

Reputation: 103

Answers

1

You could use dig to obtain the IPs and then pass them to ssh-keyscan.

Example with xargs:

dig -t a +short www.yahoo.com | grep '^[0-9]' | xargs -r -n1 ssh-keyscan -H -p 1234 >> ~/.ssh/known_hosts

Example with a for loop:

for ip in $(dig -t a +short www.yahoo.com | grep '^[0-9]'); do ssh-keyscan -H -p 1234 "$ip"; done >> ~/.ssh/known_hosts

-Rich Alloway (RogueWave)

Rich Alloway - RogueWave

Posted 2017-02-03T17:36:16.797

Reputation: 86

can you explain why I would need to use | grep ^[0-9] | xargs -r -n1?

Using either one or the other example, I get a bunch of errors.

Instead, using ssh-keyscan -H -p 10022 $(dig -t a +short domain.tld) I get what seems to be a legit result.

In fact, just dig -t a +short domain.tld returns a single IP address. – Andrea Sciamanna – 2017-02-03T20:26:56.247

I meant to mention you, but apparently I failed: that's a second attempt :) @RichAlloway – Andrea Sciamanna – 2017-02-03T20:36:25.650

No problem @AndreaSciamanna ! The | grep ^[0-9] only uses the IPs returned by dig (if a hostname starts with a number, the grep would need to be modified to better identify IPs). When testing with www.yahoo.com, I get two IPs and 'fd-fp3.wg1.b.yahoo.com.', which is the CNAME for www.yahoo.com, in the dig output. ssh-keyscan appears to behave with the trailing period, but I wanted to exclude the CNAME. The | xargs -r -n1 creates one execution of ssh-keyscan per result, but doesn't execute ssh-keyscan at all if there are no results. – Rich Alloway - RogueWave – 2017-02-03T21:05:53.663
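The answer and the last comment above describe the procedure (resolve the name, keep only the IP literals, run one ssh-keyscan per address) and note the weak spot of grep ^[0-9]: a hostname that starts with a digit would slip through. The script below is an added example written for this page, not code from either poster or from Scrutinizer-CI. It keeps only IPv4/IPv6 literals with a stricter pattern, resolves both A and AAAA records, scans the hostname and every address in one pass, and adds the check a practitioner wants after a TOFU-style keyscan: comparing the collected key fingerprints against one obtained out of band. The hostname domain.tld, port 1234, and the expected fingerprint are placeholders, not values from the page; filter_ips runs offline, the other functions need DNS and SSH access.

```bash
#!/bin/sh
# Added example (not from the original Q&A). Resolve a host, keep only IP
# literals, scan host + IPs into known_hosts, then verify the fingerprints.

# Keep only IPv4 or IPv6 literals from `dig +short` output on stdin.
# Unlike grep '^[0-9]', this rejects hostnames such as 0abc.example.com.
# (which start with a digit) as well as trailing-dot CNAME targets.
filter_ips() {
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f]*(:[0-9A-Fa-f]*)+$'
}

# Resolve A and AAAA records for "$1"; needs network access.
resolve_ips() {
  host="$1"
  { dig -t A +short "$host"; dig -t AAAA +short "$host"; } | filter_ips | sort -u
}

# Scan the hostname and each address it resolves to.
#   $1 = hostname, $2 = port, $3 = known_hosts file to append to
# xargs -r runs nothing if the list is empty; -n1 gives one scan per target.
scan_host() {
  host="$1"; port="$2"; out="$3"
  { printf '%s\n' "$host"; resolve_ips "$host"; } \
    | xargs -r -n1 ssh-keyscan -H -p "$port" >> "$out"
}

# ssh-keyscan trusts whatever key the far end presents, so confirm that the
# file now contains a key whose fingerprint matches one you obtained out of
# band (e.g. from the server console). Exit status 0 = found.
#   $1 = known_hosts file, $2 = expected fingerprint such as SHA256:...
verify_fingerprint() {
  ssh-keygen -lf "$1" | grep -qF "$2"
}

# Placeholder invocation (hostname, port and fingerprint are assumptions):
# scan_host domain.tld 1234 ~/.ssh/known_hosts
# verify_fingerprint ~/.ssh/known_hosts 'SHA256:replace-with-known-value' \
#   || { echo "unexpected host key for domain.tld" >&2; exit 1; }
```

Because scan_host runs ssh-keyscan per address rather than per name, each line in known_hosts is keyed by IP; with -H those entries are hashed, so the verify step works on fingerprints (ssh-keygen -lf) instead of trying to read the hostnames back out of the file.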