Question

Is it possible to get/set SSH host key programmatically?

It seems FreeBSD images do not support user-data, so I cannot set SSH host keys there myself. Is there either another way to set the host key or alternatively read the one generated at first boot programmatically?

The only way to do this I am aware of is to open the console for the droplet via the web interface and read the key there, which pretty much defeats the purpose of using the API to programmatically provision droplets in the first place. Not verifying host keys is a terrible idea and a complete showstopper.

Alternatively, can console output somehow be scraped?

Thanks Troels

You can accept the generated SSH key, in a roundabout way, by sshing one time to the new droplet.

ssh -o "StrictHostKeyChecking no" root@$(doctl compute droplet ls --format PrivateIPv4 --no-header ${name}) 'exit 0'

Then continue with the rest of your stuff. Of course, you can use any other IP from the droplet, depending on what you want to do.

The purists will say you open yourself up to a man-in-the-middle, but if you’re on a private network this should not be an issue.
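An added example, not part of the original answers: it pins a scanned host key only when its fingerprint matches one read over a trusted channel, assumed here to be the web console mentioned in the question. The function names, the 203.0.113.10 address and the sample key are constructed for illustration; the input is text in `ssh-keyscan` output format.

```python
import base64
import hashlib
import struct


def sha256_fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the key blob, unpadded base64."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_host_key(keyscan_output: str, trusted_fingerprint: str) -> str:
    """Return the known_hosts line whose key matches trusted_fingerprint.

    Raises ValueError when nothing matches, so provisioning stops instead
    of trusting whatever key answered on the network.
    """
    wanted = trusted_fingerprint.strip()
    for line in keyscan_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # skip banners, comments and short lines
        try:
            fingerprint = sha256_fingerprint(fields[2])
        except ValueError:
            continue  # key field is not valid base64
        if fingerprint == wanted:
            return " ".join(fields[:3])
    raise ValueError("no scanned host key matches the trusted fingerprint")


def constructed_key(seed: bytes) -> str:
    """Build a stand-in ssh-ed25519 blob for the demo (not a real key)."""
    name, body = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(body)) + body
    return base64.b64encode(blob).decode()


if __name__ == "__main__":
    key = constructed_key(b"droplet")  # constructed sample data
    scan = f"# 203.0.113.10:22 SSH-2.0-OpenSSH_9.3\n203.0.113.10 ssh-ed25519 {key}\n"
    print(pin_host_key(scan, sha256_fingerprint(key)))
```

The returned line can be appended to a dedicated known_hosts file, after which ssh can run with strict host key checking left on.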

Not sure if I got what you are asking, but I use Terraform and it is able to provision a new FreeBSD droplet with a pre-configured SSH key.

The API it uses is: https://developers.digitalocean.com/documentation/v2/#ssh-keys

Regards,

Nicholas

@tkjacobsen

I’d recommend looking at doctl - GitHub Repository - Usage Guide & Overview.

There’s a specific section that deals with SSH Keys here.

Using doctl isn’t limited to your local environment. You could deploy it to a web server and call on its functionality from there as well.

You can also pull the data down using JSON if you prefer and then store the output to a file, which could then be called by your application to do whatever needs to be done.

Not sure if I got what you are looking for, but I use Terraform and it is able to provision a new FreeBSD droplet with a chosen SSH host key.

If you need the “raw” API endpoint have a look at https://developers.digitalocean.com/documentation/v2/#ssh-keys

Regards,

Nicholas