How to save ssh-keyscan result with the port to .ssh/known_hosts

When I run

ssh-keyscan -p NNN -t rsa GITHOST

it produces sting like

GITHOST ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCZwBe6yneM2q2KEuQ3UV194hUcEcQ7b0xoYdKXKU6RrsxP2wup3uwC4q2SbPlW6XkjVtOIXY4c5aBaieMjNhIBFxGa2yUnTwZPFZiGMh/fwoZ2IsLsIE7XCj2q4eO1jmxvgWf7VAE7DVkGg5VTcRRoVOP5V15z9/saP5u4Tcwu1w==

And I add it to ~/.ssh/known_hosts file.

But the git still asks me about key verification. Could be it b/c there is no port information stored in the known_hosts file ?

How can I create proper known_hosts in a script?


Solution 1:

This is usually not needed since current ssh-keyscan versions will add the port for you. Older versions did not do that. You could post-process the line with sed like this:

ssh-keyscan -p NNN -t rsa GITHOST | sed -E 's/^([^ \[]+) (.*)$/[\1]:NNN \2/'

The output of ssh-keyscan is piped into sed that will use a substitute regexp to transform the output of ssh-keyscan to include the port.

This will result in:

[GITHOST]:NNN ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCZw....

Update: I refined the regexp above to play nice with ssh-keyscan output in already correct format.