
Ask HN: How do you distribute ssh server fingerprints? - pmoriarty
Problem: Your organization has a lot of servers which are constantly being created, modified, replaced, and destroyed.  So their ssh host keys change frequently, and new ones get added frequently.<p>Question 1: How do you effeciently and securely distribute the right ssh server fingerprints to all of your team members?<p>Question 2: How do you keep the fingerprints that each team member has up-to-date?
======
tshtf
This problem has been solved long ago in OpenSSH:

[https://www.digitalocean.com/community/tutorials/how-to-
crea...](https://www.digitalocean.com/community/tutorials/how-to-create-an-
ssh-ca-to-validate-hosts-and-clients-with-ubuntu)

------
toast0
The easiest thing is probably to check in a known hosts file. Hopefully your
revision control server has a stable host key.

