When connecting to a new virtual machine (VM) over SSH for the first time, it is normal to get a message like this:
The authenticity of host '▮▮▮.▮▮▮.▮▮▮.▮▮▮ (▮▮▮.▮▮▮.▮▮▮.▮▮▮)' can't be established.
ECDSA key fingerprint is SHA256:xXxNzzW4OtIxa+O4IDjnj0MmZlrNxHyZtYKw/7rOSfQ.
Are you sure you want to continue connecting (yes/no)?
If I want to be super-careful, how do I check if the fingerprint matches my VM in OpenStack? I can use the Horizon GUI or the openstack CLI, but I can only log into the actual VM with SSH keys, so there's no logging in on the interactive console.
If the VM is using cloud-init, the host keys should be available on the instance "Log" tab on the Horizon Web interface as a part of the console log / booting process output. The printing helper write-ssh-key-fingerprints should run i the cloud-inits final stage.