diff --git a/cli/internal/cmd/ssh.go b/cli/internal/cmd/ssh.go
index 33ebabfaa..44ba10906 100644
--- a/cli/internal/cmd/ssh.go
+++ b/cli/internal/cmd/ssh.go
@@ -74,7 +74,10 @@ func writeCertificateForKey(cmd *cobra.Command, keyPath string, fh file.Handler,
 return fmt.Errorf("generating SSH emergency CA key: %s", err)
 }
- debugLogger.Debug("SSH CA KEY generated", "public-key", string(ssh.MarshalAuthorizedKey(ca.PublicKey())))
+ marshalledKey := string(ssh.MarshalAuthorizedKey(ca.PublicKey()))
+ debugLogger.Debug("SSH CA KEY generated", "public-key", marshalledKey)
+ knownHostsContent := fmt.Sprintf("@cert-authority * %s", marshalledKey)
+ fh.Write("./known_hosts", []byte(knownHostsContent), file.OptMkdirAll)
 keyBuffer, err := fh.Read(keyPath)
 if err != nil {
diff --git a/docs/docs/workflows/troubleshooting.md b/docs/docs/workflows/troubleshooting.md
index 903c829e0..666dbbc33 100644
--- a/docs/docs/workflows/troubleshooting.md
+++ b/docs/docs/workflows/troubleshooting.md
@@ -177,7 +177,7 @@ Emergency SSH access to nodes can be useful to diagnose issues or download impor
 3. Now you can connect to any Constellation node using your certificate and your private key.
 ```bash
- ssh -o CertificateFile=constellation_cert.pub -i root@
+ ssh -o CertificateFile=constellation_cert.pub -o UserKnownHostsFile=./known_hosts -i root@
 ```
 Normally, you don't have access to the Constellation nodes since they reside in a private network.
@@ -192,6 +192,7 @@ Emergency SSH access to nodes can be useful to diagnose issues or download impor
 IdentityFile
 PreferredAuthentications publickey
 CertificateFile=constellation_cert.pub
+ UserKnownHostsFile=./known_hosts
 User root
 ProxyJump
 ```
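Review bot: The error returned by `fh.Write("./known_hosts", ...)` in the cli/internal/cmd/ssh.go hunk is discarded, so a failed write is silent and the documented `ssh -o UserKnownHostsFile=./known_hosts` would then verify hosts against a missing or stale file. Check it the way the neighbouring calls are checked: `if err := fh.Write("./known_hosts", []byte(knownHostsContent), file.OptMkdirAll); err != nil { return fmt.Errorf("writing known_hosts file: %w", err) }`. Only `file.OptMkdirAll` is passed, so whether a `known_hosts` left behind by an earlier run gets replaced depends on the handler's behaviour, which is not visible here; a leftover file would keep an old CA as the trust anchor. The `@cert-authority *` pattern accepts this CA for every hostname, which is reasonable only because the file is scoped to this one command through `UserKnownHostsFile`, and a short comment above the `fmt.Sprintf` saying so would help. writeCertificateForKey starts and ends outside the hunk.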