As I’ve been working on Docker containers I’ve been having to use local containerised versions of ssh key pairs and known_hosts. I need to be able to carry out key creation etc. without upsetting my own personal keys under ~/.ssh.

This may be bread-and-butter stuff to many long-time Linux admins, but it’s not something I’ve had to do on a daily basis until recently.

Creating a Key Pair

$ ssh-keygen -t rsa -b 4096 -f [key name]

Here I can specify the location and name of the key files to create, e.g.

$ ssh-keygen -t rsa -b 4096 -f folder/id_rsa

This gives me the id_rsa and id_rsa.pub files in the folder called folder.

Updating a known_hosts File

If I’m using two containers and need to get the remote container’s key fingerprints into my local container’s known_hosts, I can use ssh-keyscan to grab the fingerprints and then direct them to a file. Be careful, as the order of the parameters is important, especially if you have ssh daemons on different ports on the remote.

$ ssh-keyscan -H -p 22 [remote host] >> folder/known_hosts

You can change the port that the keyscan pulls fingerprints from by changing the -p 22 to your required port.

This can even be scripted into your container’s “entrypoint” so the connection is always ready and you avoid the messages:

ECDSA host key for IP address ‘’ not in list of known hosts.

Host key verification failed.
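
One way to script that entrypoint step so that a scanned key is only trusted when it matches a copy obtained by another route, since ssh-keyscan records whatever the network returns. This is an added example, not part of the original post; the function name, the pinned key and the sample scan lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): keep only the scanned host key
# that matches a pinned copy obtained by a trusted route.
#
# Usage in an entrypoint (host and pinned key are yours to supply):
#   ssh-keyscan -H -p 22 "$host" | add_pinned_host_key "$PINNED" folder/known_hosts
#
# $1 = pinned "keytype base64blob", e.g. the contents of the remote's host
#      public key file with the trailing comment removed
# $2 = known_hosts file to append to
# Returns 0 if a matching key was appended, 1 if nothing matched.
add_pinned_host_key() {
    pinned=$1
    known_hosts=$2
    rc=1
    while read -r host keytype blob rest; do
        case $host in
            ''|'#'*) continue ;;          # skip blank and comment lines
        esac
        if [ "$keytype $blob" = "$pinned" ]; then
            printf '%s\n' "$host $keytype $blob" >> "$known_hosts"
            rc=0
        fi
    done
    return "$rc"
}

# Constructed sample data: placeholders shaped like hashed ssh-keyscan
# output, not real keys.
SAMPLE_PINNED='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderKeyBlob000000000000'
sample_scan() {
    printf '%s\n' \
        '# constructed-host:22 SSH-2.0-OpenSSH' \
        '|1|Q09OU1RSVUNURURTQUxU|Q09OU1RSVUNURURIQVNI ssh-rsa AAAAB3NzaC1yc2EConstructedPlaceholderRsaBlob' \
        "|1|Q09OU1RSVUNURURTQUxU|Q09OU1RSVUNURURIQVNI $SAMPLE_PINNED"
}
```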

Using ssh-agent to Remember Your Password

After a while, relentlessly typing your key’s passphrase gets wearing. Use the ssh-agent in your current environment to provide it for you.

$ eval `ssh-agent`
$ ssh-add

You’ll be asked for your passphrase, and the agent will then pass it along to all future requests for that session.