Published on April 17, 2025 3:10 PM GMT
I do a lot of work on EC2, where I ssh into a few instances I use for specific purposes. Each time I did this I'd get a prompt like:

$ ssh_ec2nf
The authenticity of host 'ec2-54-224-39-217.compute-1.amazonaws.com (54.224.39.217)' can't be established.
ED25519 key fingerprint is SHA256:...
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:591: ec2-18-208-226-191.compute-1.amazonaws.com
    ~/.ssh/known_hosts:594: ec2-54-162-24-54.compute-1.amazonaws.com
    ~/.ssh/known_hosts:595: ec2-54-92-171-153.compute-1.amazonaws.com
    ~/.ssh/known_hosts:596: ec2-3-88-72-156.compute-1.amazonaws.com
    ~/.ssh/known_hosts:598: ec2-3-82-12-101.compute-1.amazonaws.com
    ~/.ssh/known_hosts:600: ec2-3-94-81-150.compute-1.amazonaws.com
    ~/.ssh/known_hosts:601: ec2-18-234-179-96.compute-1.amazonaws.com
    ~/.ssh/known_hosts:602: ec2-18-232-154-156.compute-1.amazonaws.com
    (185 additional names omitted)
Are you sure you want to continue connecting (yes/no/[fingerprint])?

The issue is that each time I start my instance it gets a new hostname (which is just derived from the IP) and so SSH's trust on first use doesn't work properly.

Checking that "185 additional names omitted" is about the number I'd expect to see is ok, but not great. And it delays login.
I figured out how to fix this today:
Edit ~/.ssh/known_hosts to add an entry for each EC2 host I use under my alias for it. So I have

    ec2-44-222-215-215.compute-1.amazonaws.com ssh-ed25519 AAAA...

and I duplicate that to add

    ec2nf ssh-ed25519 AAAA...

etc.

Modify my ec2 ssh script to set HostKeyAlias:

    ssh -o "StrictHostKeyChecking=yes" -o "HostKeyAlias=ec2nf" ...
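The two steps above as a script, added here as an example and not the author's own ec2 script: `pin_alias` and `ssh_pinned` are hypothetical helper names, the sample key strings are placeholders, and it assumes known_hosts entries are not hashed.

```sh
#!/bin/sh
# Added example; pin_alias and ssh_pinned are hypothetical helper names.

# pin_alias FILE HOSTNAME ALIAS
# Copy each key recorded for HOSTNAME to a new known_hosts line under ALIAS.
# Assumes unhashed entries. Prints the number of lines added (0 if none).
pin_alias() {
    file=$1 host=$2 name=$3
    new=$(awk -v host="$host" -v name="$name" '
        /^[#@]/ || NF < 3 { next }   # skip comments and @revoked/@cert-authority lines
        {
            n = split($1, names, ",")        # field 1 may be "host,ip"
            for (i = 1; i <= n; i++) {
                if (names[i] == name) have[$2 " " $3] = 1
                if (names[i] == host) want[$2 " " $3] = 1
            }
        }
        END { for (k in want) if (!(k in have)) print name " " k }
    ' "$file")
    if [ -z "$new" ]; then echo 0; return 0; fi
    # Start on a fresh line if the file lacks a trailing newline.
    if [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
    printf '%s\n' "$new" >> "$file"
    printf '%s\n' "$new" | wc -l | tr -d ' '
}

# ssh_pinned ALIAS TARGET [ARGS...]
# Connect to today's hostname, but check the host key against ALIAS and
# fail instead of prompting if it does not match.
ssh_pinned() {
    name=$1 target=$2
    shift 2
    ssh -o "StrictHostKeyChecking=yes" -o "HostKeyAlias=$name" "$target" "$@"
}

# Constructed sample file; the key strings are placeholders, not real keys.
kh=$(mktemp)
printf '%s\n' \
    'ec2-44-222-215-215.compute-1.amazonaws.com ssh-ed25519 AAAA_PLACEHOLDER' \
    '@revoked ec2-44-222-215-215.compute-1.amazonaws.com ssh-ed25519 AAAA_OLD' > "$kh"
pin_alias "$kh" ec2-44-222-215-215.compute-1.amazonaws.com ec2nf
cat "$kh"
rm -f "$kh"
```

Running `pin_alias` a second time adds nothing, and a `@revoked` entry for the same hostname is never copied under the alias.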
More secure and more convenient!
(What got me to fix this was an interaction with my auto-shutdown script, where if I did start_ec2nf && sleep 20 && ssh_ec2nf but then went and did something else for a minute or two the machine would often turn itself off before I came back and got around to saying yes.)