Openstack: How to find out VM's key fingerprint before first SSH session

Question

When connecting to a new virtual machine (VM) over SSH for the first time, it is normal to get a message like this:

The authenticity of host '▮▮▮.▮▮▮.▮▮▮.▮▮▮ (▮▮▮.▮▮▮.▮▮▮.▮▮▮)' can't be established.
ECDSA key fingerprint is SHA256:xXxNzzW4OtIxa+O4IDjnj0MmZlrNxHyZtYKw/7rOSfQ.
Are you sure you want to continue connecting (yes/no)?

If I want to be super-careful, how do I check if the fingerprint matches my VM in OpenStack? I can use the Horizon GUI or the openstack CLI, but I can only log into the actual VM with SSH keys, so there's no logging in on the interactive console.

I guess you could try a cloud-init phone-home module (https://cloudinit.readthedocs.io/en/latest/topics/modules.html#phone-home) to receive host keys for spawned instances. — Radoslav Bodó, Mar 16 '21 at 15:57
Indeed this is a viable approach if you have time to prepare. Less so if you are a newcomer. — Frigo, Mar 16 '21 at 16:24

Radoslav Bodó · Accepted Answer · 2021-03-16T18:10:53.007

2

If the VM is using cloud-init, the host keys should be available on the instance "Log" tab on the Horizon Web interface as a part of the console log / booting process output. The printing helper write-ssh-key-fingerprints should run i the cloud-inits final stage.

edited Mar 16 '21 at 18:10

answered Mar 16 '21 at 18:03

Radoslav Bodó

613
5
19

Openstack: How to find out VM's key fingerprint before first SSH session

1 Answers1