cli: write known_hosts file

cli/internal/cmd/ssh.go

@@ -74,7 +74,10 @@ func writeCertificateForKey(cmd *cobra.Command, keyPath string, fh file.Handler,
 		return fmt.Errorf("generating SSH emergency CA key: %s", err)
 	}
 
-	debugLogger.Debug("SSH CA KEY generated", "public-key", string(ssh.MarshalAuthorizedKey(ca.PublicKey())))
+	marshalledKey := string(ssh.MarshalAuthorizedKey(ca.PublicKey()))
+	debugLogger.Debug("SSH CA KEY generated", "public-key", marshalledKey)
+	knownHostsContent := fmt.Sprintf("@cert-authority * %s", marshalledKey)
+	fh.Write("./known_hosts", []byte(knownHostsContent), file.OptMkdirAll)
 
 	keyBuffer, err := fh.Read(keyPath)
 	if err != nil {

docs/docs/workflows/troubleshooting.md

@@ -177,7 +177,7 @@ Emergency SSH access to nodes can be useful to diagnose issues or download impor
 3. Now you can connect to any Constellation node using your certificate and your private key.
 
    ```bash
-   ssh -o CertificateFile=constellation_cert.pub -i <your private key> root@<ip of constellation node>
+   ssh -o CertificateFile=constellation_cert.pub -o UserKnownHostsFile=./known_hosts -i <your private key> root@<ip of constellation node>
    ```
 
    Normally, you don't have access to the Constellation nodes since they reside in a private network.
@@ -192,6 +192,7 @@ Emergency SSH access to nodes can be useful to diagnose issues or download impor
      IdentityFile <your private key>
      PreferredAuthentications publickey
      CertificateFile=constellation_cert.pub
+     UserKnownHostsFile=./known_hosts
      User root
      ProxyJump <LB domain name>
    ```