Export host ssh key for use with doctl compute ssh

Open johnandersen777 opened this issue 1 year ago • 0 comments

Please only create a Github issue for bugs related to the code itself. If you are experiencing an issue with sending metrics, display graphs, errors from the agent, etc, please contact https://cloudsupport.digitalocean.com/s/ so we can provide support

Before opening an issue, make sure there is not a similar issue already open

Describe the problem

When we start a droplet and ssh in for the first time we are prompted to validate the host key. If the agent is installed, the host key could be exported by it so that we can use the DO API as an out of band channel to verify the host key, using a temporary UserKnownHostsFile populated with the contents of the reported host key from do-agent when executing doctl compute ssh.

Steps to reproduce

export COMPUTE_DOMAIN=example.com
export COMPUTE_SUBDOMAIN=scitt.eve
export COMPUTE_NAME=scitt-eve
doctl compute droplet create --image "$(doctl compute image list-application --no-header --format Slug | grep docker | tail -n 1)" --size $(doctl compute size list --no-header --format Slug | head -n 2 | tail -n 1) --region sfo3 --droplet-agent=true --tag-name scitt "${COMPUTE_NAME}"
STATUS=new
while [[ "x${STATUS}" = "xnew" ]]; do
  STATUS=$(doctl compute droplet get --no-header --format Status ${COMPUTE_NAME});
done
export COMPUTE_IPV4=$(doctl compute droplet list --no-header --format PublicIPv4 "${COMPUTE_NAME}")
doctl compute ssh --ssh-command "echo No authenticity prompt" "${COMPUTE_NAME}"
The authenticity of host '146.190.157.111 (146.190.157.111)' can't be established.
ED25519 key fingerprint is SHA256:KYj44PidPrB3fnxnrxHBTsIUHPKwtYrL/EkKA/oSoMo.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Expected behavior

$ doctl compute ssh --ssh-command "echo No authenticity prompt" "${COMPUTE_NAME}"
No authenticity prompt

System Information

Distribution and version:

+ doctl compute droplet create --image docker-20-04 --size s-1vcpu-1gb --region sfo3 --droplet-agent=true --tag-name scitt scitt-eve
ID           Name         Public IPv4    Private IPv4    Public IPv6    Memory    VCPUs    Disk    Region    Image                                   VPC UUID    Status    Tags     Features         Volumes
384269096    scitt-eve                                                  1024      1        25      sfo3      Ubuntu Docker 23.0.6 on Ubuntu 22.04                new       scitt    droplet_agent

do-agent information:

N/A, new feature request, does not exist in version 3e2db3a5c8686ca0de20be6f4c30124290277213

johnandersen777, Nov 10 '23 12:11
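
The client side of the request above, as an added example that is not part of the original issue and is not do-agent or doctl code: once a host key has arrived over a trusted out-of-band channel, it is pinned in a temporary known_hosts file and ssh is told to trust nothing else. Assumptions: the key line is passed in as an argument (the API call that would return it is what this issue asks for and does not exist), plain `ssh` is called rather than `doctl compute ssh`, the login user is `root`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; not do-agent or doctl code.
# Assumption: KEYLINE is the droplet's public host key line
# ("ssh-ed25519 AAAA... [comment]") received over an authenticated
# out-of-band channel. The API call this issue requests does not exist yet.

# pinned_known_hosts ADDR KEYLINE: write a one-entry known_hosts file, print its path.
pinned_known_hosts() {
  local host_addr key_type key_blob _comment file
  host_addr=$1
  # Only the first line and its first two fields are used, so a comment or
  # extra lines in KEYLINE cannot add further known_hosts entries.
  read -r key_type key_blob _comment <<EOF
$2
EOF
  case $key_type in
    ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) echo "unsupported host key type" >&2; return 1 ;;
  esac
  case $key_blob in
    ''|*[!A-Za-z0-9+/=]*) echo "malformed host key blob" >&2; return 1 ;;
  esac
  case $host_addr in
    ''|*[!0-9A-Fa-f:.]*) echo "unexpected host address" >&2; return 1 ;;
  esac
  file=$(mktemp) || return 1
  printf '%s %s %s\n' "$host_addr" "$key_type" "$key_blob" >"$file"
  printf '%s\n' "$file"
}

# ssh_pinned ADDR KEYLINE [COMMAND...]: connect trusting only the pinned key.
# StrictHostKeyChecking=yes makes a mismatch fail closed instead of prompting.
# Assumption: login user is root.
ssh_pinned() {
  local host_addr known_hosts rc
  host_addr=$1
  known_hosts=$(pinned_known_hosts "$1" "$2") || return 1
  shift 2
  rc=0
  ssh -o UserKnownHostsFile="$known_hosts" \
      -o GlobalKnownHostsFile=/dev/null \
      -o StrictHostKeyChecking=yes \
      "root@${host_addr}" "$@" || rc=$?
  rm -f "$known_hosts"
  return "$rc"
}
```

Called as `ssh_pinned "${COMPUTE_IPV4}" "${HOST_KEY}" echo No authenticity prompt`, where `HOST_KEY` is a hypothetical variable holding the key line, the connection either succeeds without a prompt or fails on a key mismatch.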