I suppose that a work around could be to use this: https://www.digitalocean.com/company/blog/easily-automate-the-provisioning-of-your-droplets/ and a key registry of some kind or even just run a script to replace the generated keys with ones generated by the provisioning server.

Because debugging is hard when you have slightly messed up a cloud-init script, I elected to inject the key with the following cloud-init script:

```
{ "runcmd" => ["rm /etc/ssh/etc/ssh/ssh_host_ecdsa*",
"echo #{private_key} > /tmp/base64_pri && base64 --decode /tmp/base64_pri > /etc/ssh/ssh_host_ecdsa_key",
"echo #{public_key} > /tmp/base64_pub && base64 --decode /tmp/base64_pub > /etc/ssh/ssh_host_ecdsa_key.pub",
"chmod 600 /etc/ssh/ssh_host_ecdsa_key",
"chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub",
"sleep 1 && service ssh restart"
] }
```

I have been asking for this for years now....such a supposedly easy thing to do with profound security implications if not done! Every time I start a droplet I have to :

1) log into console and check ssh key
2) accept the key in my local terminal

Such a wasted opportunity for DO!

It would be nice if the public host key was also displayed on the website (maybe on the droplet access page)... This would help serve users who create droplets through the website with the same improvement in establishing trust.

As a temporary hack, this can be already be done: open a terminal session on the web console, and print the public host key fp. This happens over HTTPS.