Can we add the droplet's ssh fingerprint to the droplet data?

Posted January 29, 2015 7.6k views

I have a suggestion. I am using Ansible playbooks to provision servers on demand. One issue with Ansible and DigitalOcean is the SSH fingerprint of the new server. It is possible to work around the new fingerprint prompt in Ansible. What I found to be problematic was if an IP address was reused (as happened when testing). SSH failed and the playbook halted. If you could modify your creation API to provide the new server’s fingerprint, it would be easy to spin up and provision a new server, adding it to the known hosts file.

  • Please do this. There’s no safe way to spin up a droplet and connect to it at this time, since if you put SSH host keys in advance on the droplet they get wiped by that image prep thing.

  • This would be awesome.

  • I discovered you actually can get the fingerprint by opening the remote console access for the droplet on the web. The fingerprint for the host keys as well as the network interfaces are displayed before the login prompt. You don’t even have to log into the box. DigitalOcean should make this more obvious, however, by adding it to the information displayed in the droplet settings’ network tab. They should also make it more clear in their documentation that you should do this the first time you connect to the server.

  • +1 for this. Being able to securely automate the initial connection to the droplet is an absolute must.

  • +1.

    Also, it appears you can no longer do what jimmycuadra explains. The fingerprint for the host key is no longer displayed before the login prompt when using the remote shell web UI.

8 answers

Just to be clear. I want the fingerprint included in the response to the creation event so that automation tools like Ansible can cleanly SSH into it right after creation.

Opening a remote console doesn’t help tools like Ansible work.

The reason I want this in the API is so I can use a tool like an Ansible playbook to create and commission a droplet automatically without turning off strict host checking. I know I can get the host key manually.
I think getting it back as part of the response to a droplet creation event just makes sense.

Please make fingerprints available via the dashboard and API.

Any update on this request? This would be really handy!

This is the simplest fix I could think about while using existing concepts, hope you like it

Just trying to bump this. Is there any reason why this feature request is being ignored by DigitalOcean? Is there any reason why you can’t do this? It really doesn’t seem like it would be that hard to do…

I use the user-data attribute in a POST to the DO API to provide a modified to cloud-init. In turn, phone_home POSTs the needed key to an endpoint I provide on my localhost.

This gist provides details:
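
The receiving side of the phone_home approach described in the last answer, as an added example (it is not the poster's gist and not DigitalOcean code): it validates the callback and pins the posted host key in known_hosts, replacing any stale entry for a reused IP. It assumes cloud-init's phone_home module posts form-encoded fields such as `pub_key_ed25519` containing the host's `.pub` line; the per-droplet callback token, the function names and the sample key are hypothetical.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, urlencode

FIELDS = ("pub_key_ed25519", "pub_key_ecdsa", "pub_key_rsa")  # phone_home post keys

def fingerprint(key_b64):
    """SHA256 fingerprint in the format `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_keys_from_post(body, token, expected_token):
    """Return [(keytype, key_b64)] from a form-encoded phone_home body."""
    # Assumption: a per-droplet secret in the callback URL ties the POST to the create call.
    if not hmac.compare_digest(token.encode(), expected_token.encode()):
        raise PermissionError("callback token does not match this droplet")
    keys = []
    for field in FIELDS:
        for value in parse_qs(body).get(field, []):
            keytype, key_b64 = value.split()[:2]
            blob = base64.b64decode(key_b64, validate=True)
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != keytype.encode():  # blob must name the same algorithm
                raise ValueError(f"malformed key in {field}")
            keys.append((keytype, key_b64))
    if not keys:
        raise ValueError("no host keys in callback")
    return keys

def update_known_hosts(existing, ip, keys):
    """Drop plain (unhashed) entries for a reused IP, then pin the new keys."""
    kept = [line for line in existing.splitlines()
            if line.strip() and ip not in line.split()[0].split(",")]
    return "\n".join(kept + [f"{ip} {kt} {k}" for kt, k in keys]) + "\n"

def constructed_sample_body():
    """Constructed test input: a fake ed25519 public key, as cloud-init would post it."""
    kt = b"ssh-ed25519"
    blob = struct.pack(">I", len(kt)) + kt + struct.pack(">I", 32) + bytes(range(32))
    line = f"ssh-ed25519 {base64.b64encode(blob).decode()} root@droplet\n"
    return urlencode({"pub_key_ed25519": line, "hostname": "droplet"})

if __name__ == "__main__":
    old = "203.0.113.10 ssh-ed25519 AAAAoldkey\n198.51.100.7 ssh-rsa AAAAother\n"
    keys = host_keys_from_post(constructed_sample_body(), "s3cret", "s3cret")
    print(fingerprint(keys[0][1]))
    print(update_known_hosts(old, "203.0.113.10", keys), end="")
```

The pinned key is only as trustworthy as the callback channel, so the endpoint should be reached over TLS and the token should be unique per droplet.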