ssh-keyscan through a bastion
Solution 1:
Quick googling suggests that ssh-keyscan doesn't honour ssh config file and all other ssh tricks. (Although this thread is quite old).
With Ansible you can delegate keyscan task to your bastion host and then append you known_hosts file locally:
- hosts: localhost
gather_facts: no
tasks:
- command: "ssh-keyscan {{ new_host }}"
register: new_host_fingerprint
delegate_to: bastion
- lineinfile:
dest: /root/ssh/known_hosts
line: "{{ item }}"
with_items: "{{ new_host_fingerprint.stdout_lines }}"
where new_host
is the IP-address of created host (192.168.0.123 in your example).
Solution 2:
SSH to the bastion and run ssh-keyscan
from there:
ssh bastion ssh-keyscan remote-host1