Automating SSH access into ec2

Question

I need to automate passwordless access to ec2 instances in a master/slave configuration.

So for it works but I suspect I hit a snag.

The below are the steps for allowing the ec2 master to ssh into a ec2 slave.

On the master I do the following:

cd /home/ubuntu/.ssh
ssh-keygen -f id_rsa -t rsa -N ''
eval `ssh-agent`
ssh-add ~/.ssh/id_rsa 

On the slave I add the above generated id_rsa.pub file to:

/home/ubuntu/.ssh/authorized_keys

So...issue is that that when I ssh into a machine it asks for the following:

RSA key fingerprint is b4:50:7e:5c:5f:41:f5:cd:95:91:78:5b:8a:1f:97:df.
Are you sure you want to continue connecting (yes/no)?

The program I am trying to run;tsung, seems to not work with the prompt even though a password is now not required. So, the programn fails. If I ssh into the slave, thus adding the key, then all works now that hte yes/no is no longer asked. So..the question is, how do I automate the removing the prompt? I can write a script to automatomate e.g. pexpect but that seems long winded.

Answer 1

The yes/no question is only asked the very first time you connect so that it can save that handshake info. It will never ask it again, so do it once, connect manually, then automation should work for future visits.

This is a basic part of SSH, and not AWS in particular.

Answer 2

You can use ssh-keyscan (typically part of OpenSSH distributions) to get the server's host key and store it in a known_hosts file. Once the key is in that file, no further prompts will show up. See the ssh-keyscan manpage for details.

There is, of course, a reason SSH asks you to verify the identity of the server, so doing this exposes you to certain security risks. Depending on how you create your instances, you may be able to fix this by (a) using the same host key on the server every time and (b) including it in your client image (or whatever you do).