Can we add the droplet's ssh fingerprint to the droplet data?

January 29, 2015

I have a suggestion. I am using Ansible playbooks to provision servers on demand. One issue with Ansible and DigitalOcean is the SSH fingerprint of the new server. It is possible to work around the new fingerprint prompt in Ansible. What I found to be problematic was if an IP address was reused (as happened when testing). SSH failed and the playbook halted. If you could modify your creation API to provide the new server's fingerprint, it would be easy to spin up and provision a new server, adding it to the known hosts file.

  • Please do this. There's no safe way to spin up a droplet and connect to it at this time, since if you put SSH host keys in advance on the droplet they get wiped by that image prep thing.

  • This would be awesome.

  • I discovered you actually can get the fingerprint by opening the remote console access for the droplet on the web. The fingerprint for the host keys as well as the network interfaces are displayed before the login prompt. You don't even have to log into the box. DigitalOcean should make this more obvious, however, by adding it to the information displayed in the droplet settings' network tab. They should also make it more clear in their documentation that you should do this the first time you connect to the server.

  • +1 for this. Being able to securely automate the initial connection to the droplet is an absolute must.

  • +1.

    Also, it appears you can no longer do what jimmycuadra explains. The fingerprint for the host key is no longer displayed before the login prompt when using the remote shell web UI.

5 Answers

Just to be clear: I want the fingerprint included in the response to the creation event so that automation tools like Ansible can cleanly SSH into it right after creation.

Opening a remote console doesn't help tools like Ansible work.

The reason I want this in the API is so I can use a tool like an Ansible playbook to create and commission a droplet automatically without turning off strict host checking. I know I can get the host key manually.
I think getting it back as part of the response to a droplet creation event just makes sense.
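
An added example (not from the thread or from DigitalOcean) of the check the posters want to automate: given a fingerprint obtained over a trusted channel, accept a scanned host key only if it matches, and replace the stale `known_hosts` entry left behind by a reused IP. The key blobs, addresses and the source of the trusted fingerprint are constructed assumptions.

```python
import base64
import hashlib
import struct


def fingerprint_sha256(key_b64):
    """SHA256 fingerprint as `ssh-keygen -lf` prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verified_entries(scan_output, trusted_fp):
    """Keep only `ssh-keyscan` lines whose key matches the out-of-band fingerprint."""
    good = []
    for line in scan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#"):
            continue  # skip banner comments and blank lines
        if fingerprint_sha256(parts[2]) == trusted_fp:
            good.append(" ".join(parts[:3]))
    if not good:
        raise ValueError("no scanned host key matches the trusted fingerprint")
    return good


def replace_host(known_hosts, host, new_entries):
    """Drop stale plain-text entries for a reused IP, then append the verified ones.
    Hashed (|1|...) entries are not handled here; `ssh-keygen -R` removes those."""
    kept = [l for l in known_hosts.splitlines()
            if host not in l.split(" ", 1)[0].split(",")]
    return "\n".join(kept + new_entries) + "\n"


def _blob(seed):
    # Constructed sample data shaped like an ed25519 public key blob.
    raw = (struct.pack(">I", 11) + b"ssh-ed25519"
           + struct.pack(">I", 32) + bytes([seed]) * 32)
    return base64.b64encode(raw).decode()


OLD_KEY, NEW_KEY, OTHER_KEY = _blob(1), _blob(2), _blob(3)
HOST = "203.0.113.10"  # documentation address, reused by a new droplet
TRUSTED_FP = fingerprint_sha256(NEW_KEY)  # stands in for the value read out-of-band
SCAN = f"# {HOST}:22 SSH-2.0-OpenSSH\n{HOST} ssh-ed25519 {NEW_KEY}\n"
KNOWN = f"{HOST} ssh-ed25519 {OLD_KEY}\n198.51.100.7 ssh-ed25519 {OTHER_KEY}\n"

if __name__ == "__main__":
    print(replace_host(KNOWN, HOST, verified_entries(SCAN, TRUSTED_FP)), end="")
```

A scan result is untrusted network input, so a mismatch raises instead of writing anything; strict host key checking can then stay enabled for the first connection.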

Please make fingerprints available via the dashboard and API.

Any update on this request? This would be really handy!
