ssh-keyscan stderr comment on success

I am running a shell script to add fingerprints to known_hosts.

Code is like this:

status=$(ssh-keyscan -T 5 $remotehost >> ~/.ssh/known_hosts 2>&1)
if [[ $? != 0 ]]; then
  echo -n Error: ""
  echo "$status"
  exit 1
fi

Result is like this:

ssh-keyscan -T 5 example.com
# example.com SSH-2.0-OpenSSH_5.3
example.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAA.....o9sgjFlqfli7ZQ==

Until recently I had no issues, but as of late ssh-keyscan adds that comment to stderr on success and fills my hosts file with garbage. This eventually leads to the hosts file erroring after the same host has been used twice, due to an ssh-keygen -R example.com command run beforehand to ensure no duplication.

I have been unable to figure out a way to disable that stderr comment.

Solution:

The original script is (I think) correct except for the order of the redirections.
Swap them round so that first stderr is sent to stdout, then redirect stdout to the file (leaving stderr unchanged). That gives you a clean output file and any errors stored in the variable.

Untested but that’s how it should work.

So first line of script should be …

status=$(ssh-keyscan -T 5 $remotehost 2>&1 >> ~/.ssh/known_hosts )

I might be missing something here but changing the 2>&1 to 2>/dev/null should do the trick surely.


I’d probably do what you want something like this because, as written, your $status will never contain anything, since you redirect all the output to ~/.ssh/known_hosts

ssh-keyscan -T 5 $remotehost >> ~/.ssh/known_hosts 2>~/.ssh/error.log
if [[ $? != 0 ]]; then
  echo -n Error: ""
  cat  ~/.ssh/error.log
  exit 1
fi
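
The redirection order discussed in the answers above, as an added example that is not part of the original posts: stderr is captured into a variable while stdout goes to a temporary file, and only lines that look like key entries are appended to known_hosts. The names add_host_key and fake_keyscan are hypothetical; fake_keyscan is a constructed stand-in that mimics the output shown in the question so the example runs offline, and in real use the first argument would be "ssh-keyscan -T 5".

```shell
#!/bin/sh
# Constructed stand-in for ssh-keyscan (assumption, for offline use):
# banner comment on stderr, key line on stdout, as in the question.
fake_keyscan() {
  echo "# $1 SSH-2.0-OpenSSH_5.3" >&2
  echo "$1 ssh-rsa AAAAB3NzaC1yc2EXAMPLEKEYDATA=="   # constructed, not a real key
}

# add_host_key SCANNER HOST KNOWN_HOSTS_FILE   (hypothetical helper)
# Prints whatever the scanner wrote to stderr.
# Returns non-zero and leaves the file untouched if no key line was obtained.
add_host_key() (
  scanner=$1 host=$2 kh=$3
  tmp=$(mktemp) || exit 1
  rc=0
  # Order matters: "2>&1" first points stderr at the command substitution,
  # then ">file" moves stdout alone to the file. Written the other way
  # round, both streams land in the file and $status stays empty.
  # $scanner is left unquoted on purpose so "ssh-keyscan -T 5" splits into words.
  status=$($scanner "$host" 2>&1 >"$tmp") || rc=$?
  # Keep only lines shaped like known_hosts entries: no comments, 3+ fields.
  keys=$(awk '!/^#/ && NF >= 3' "$tmp")
  rm -f "$tmp"
  if [ "$rc" -ne 0 ] || [ -z "$keys" ]; then
    printf 'Error: %s\n' "$status"
    exit 1
  fi
  printf '%s\n' "$keys" >>"$kh"
  printf '%s\n' "$status"
)
```

Writing to a temporary file first means a failed or empty scan never modifies known_hosts.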
