When is it better to use ssh-keyscan instead of ssh to manage known_hosts?

ssh known-hosts openssh sshd

Solution 1:

Results of adding the host key to the known_hosts explicitly using ssh-keyscan or by connecting using ssh are technically the same.

Though ssh-keyscan does not really give you a chance to verify that the host key is valid. So you would have to ex-post check the contents of the known_hosts, eventually removing the key if it turns out that it is key of a malicious server. Also known_hosts contains a full key, which you can hardly verify. On the contrary the ssh shows you a fingerprint of the host key, which is easier to verify.

Related

How to remove the Google Drive Overlay Icons for Windows Files and Folders?
how to sum up mm:ss in excel column into 1 cell?
Which of these RAM chips can I use, to be compatible?
Required DataBindingComponent is null in class AgentDetailsActivityBindingImpl
Extract specific parts from sentence by using infer keyword in Typescript Template Literal?
TypeORM: [364] ERROR: missing FROM-clause entry for table "userorganisation" at character 401
Jfrog cli docker image is not persistent
How to add new configuration with Gradle Kotlin-dsl
Sorting rows by the number of list elements the row contains
What does jest.fn() do and how can I use it?
How does curly braces following trait instantiation work?
Java Record custom constructor