How to ignore or Pass 'Yes' when The authenticity of host can't be established in Expect Shell script during Automation

Question

I want to Provide 'Yes' automatically or Ignore it and proceed in a SECURE way, when the below statement comes during execution of my Expect Shell script?.

#!/usr/bin/expect
spawn ssh $user@$host

The authenticity of host 'abcdef (10.566.1.98)' can't be established. RSA key fingerprint is jk:94:ba:93:0b:eb:ff:df:ea:gh:hj:23:3c:hj:9c:be. Are you sure you want to continue connecting (yes/no)?

Answer 1

This works, and it's especially convenient for docker builds

ssh-keyscan hostname.example.com >> $HOME/.ssh/known_hosts

Answer 2

It's possible to avoid this question and accept all incoming keys automaticatilly by using ssh client option StrictHostKeyChecking set to no (default setting is ask, which results in that question):

ssh -o StrictHostKeyChecking=no "$user@$host"

However, note that it would be hardly any secure, as you're basically accepting connect with everyone who may act as a given host. The only secure way to avoid question is to pre-distribute host public keys to clients, i.e. in form of pre-generated known hosts file, which can be used in some way like that:

ssh \
    -o UserKnownHostsFile=PATH_TO_YOUR_KNOWN_HOSTS_FILE \
    -o StrictHostKeyChecking=yes "$user@$host"

This way you'll avoid the question if the check fails, and ssh will result in non-zero exit status.

Answer 3

Make use of exp_continue for this scenario.

#!/usr/bin/expect 
set prompt "#|>|\\\$"
spawn ssh dinesh@myhost
expect {
        #If 'expect' sees '(yes/no )', then it will send 'yes'
        #and continue the 'expect' loop
        "(yes/no)" { send "yes\r";exp_continue}
        #If 'password' seen first, then proceed as such.
        "password"
}
send "root\r"
expect -re $prompt

Reference : Expect