Hi.
I'm trying to automate access to an Amazon Web Services machine instance. What this means is that my script is trying to use ssh to connect to a new server every time. I know the RSA fingerprint of my new server through an out-of-band channel.
I would like to capture the RSA fingerprint returned by my first attempt to connect with ssh, compare with the known value, and then proceed with connection only if they match.
This is an example response from manual interaction with ssh
The authenticity of host 'notreal (123.456.78.90)' can't be established.
RSA key fingerprint is 46:1b:c6:2e:e9:63:a2:60:7c:ad:05:14:a9:93:23:da.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
Here's what I have so far
# call ssh but decline to connect. We can parse out the RSA fingerprint
# from the response.
CHECK_FP=`ssh -t -t -i ~/.ec2/id_rsa-gsg-keypair root@$EC2_HOST 2>&1 <<EOF
no
EOF`
echo "The ssh returned fingerprint is $CHECK_FP"
Unfortunately CHECK_FP is returning "Host key verification failed", i.e. only the line after the user interaction. Also, my attempt to feed the "no" response automatically doesn't work either and I still have to enter it myself.
How can I call ssh, feeding it the correct "no" response and store the complete string from ssh for parsing?
Alternatively, is there another tool which can ask the server for the RSA fingerprint? Nothing from the ssh toolset looks appropriate.
Limitations: I'm on a small NAS linux box so installing expect and its Tcl dependencies isn't an option. Other options I've looked at involving finding the public RSA key of the server and storing it in known_hosts, but I don't think the public RSA key is available.
Thanks!