Feature Request
Resolution: Not a Bug
Normal
sat-endeavour
Problem Statement
When a host is deleted from Red Hat Satellite, all associated entries from services like DNS, DHCP, TFTP, and Puppet are removed via the foreman-proxy. However, the corresponding SSH known_hosts entry on the Smart Proxy (Capsule) server under ~foreman-proxy/.ssh/known_hosts is not automatically removed. This results in SSH key mismatch errors when the same IP is reused for a new host, causing remote execution and provisioning tasks to fail with errors like "Host key verification failed".
Since SSH host keys are used to ensure secure communication, retaining stale entries can interrupt automated workflows, delay provisioning, and increase operational overhead.
User Experience & Workflow
User provisions a host via Satellite.
When Satellite connects to the host over SSH, it adds the host's SSH key to ~foreman-proxy/.ssh/known_hosts for remote execution.
Host is deleted from Satellite.
All DNS/DHCP/Puppet records are cleaned up, but the known_hosts entry remains.
When reusing the same IP or hostname for a new host, remote execution fails due to SSH key mismatch.
Requirements
Introduce a supported mechanism or hook to clean up known_hosts entries when a host is deleted.
Must work across all Smart Proxies associated with the Satellite.
Should optionally log this action for audit purposes.
Business Impact
Manual cleanup of known_hosts is error-prone and does not scale in large environments.
Leads to remote execution failures, delays in provisioning, and inconsistent automation.
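The cleanup described under Requirements could look like the following added example, which is not Satellite or Foreman code: it removes a deleted host's names from a known_hosts file, including hashed (HashKnownHosts) entries and [host]:port forms, and appends a JSON audit line. The function names, the `ports` parameter and the audit-log format are assumptions, and the sample key blob is a placeholder.

```python
import base64, hashlib, hmac, json, os, tempfile, time

def token_matches(token, targets):
    """True if one host token from a known_hosts line names a target."""
    if token.startswith("|1|"):  # HashKnownHosts form: |1|b64(salt)|b64(HMAC-SHA1)
        try:
            _, _, salt_b64, mac_b64 = token.split("|")
            salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        except ValueError:
            return False
        return any(hmac.compare_digest(
            hmac.new(salt, t.encode(), hashlib.sha1).digest(), mac) for t in targets)
    return token in targets  # wildcard and negated patterns are left alone

def purge_known_hosts(path, names, ports=(), audit_log=None):
    """Remove `names` from the known_hosts file; return how many tokens were dropped."""
    targets = set(names) | {f"[{n}]:{p}" for n in names for p in ports}
    kept, removed = [], 0
    with open(path) as fh:
        for line in fh:
            fields = line.split()
            # Blank lines, comments and @cert-authority/@revoked lines pass through.
            if len(fields) < 3 or fields[0][0] in "#@":
                kept.append(line)
                continue
            tokens = fields[0].split(",")
            stay = [t for t in tokens if not token_matches(t, targets)]
            removed += len(tokens) - len(stay)
            if len(stay) == len(tokens):
                kept.append(line)
            elif stay:  # entry shared with a name that is not being deleted
                kept.append(" ".join([",".join(stay)] + fields[1:]) + "\n")
    if removed:
        # Atomic swap; run as the file's owner (foreman-proxy) to keep ownership.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        with os.fdopen(fd, "w") as out:
            out.writelines(kept)
        os.chmod(tmp, os.stat(path).st_mode & 0o777)
        os.replace(tmp, path)
    if audit_log:  # one JSON line per invocation, including no-op runs
        with open(audit_log, "a") as log:
            log.write(json.dumps({"ts": int(time.time()), "file": path,
                                  "names": sorted(names), "removed": removed}) + "\n")
    return removed

if __name__ == "__main__":  # constructed sample file; the key blob is a placeholder
    with open("known_hosts.sample", "w") as f:
        f.write("web01.example.com,192.0.2.10 ssh-ed25519 AAAAC3placeholder\n")
    print(purge_known_hosts("known_hosts.sample", ["web01.example.com", "192.0.2.10"]))
```

`ssh-keygen -R <name> -f <file>` performs the same removal for a single name; either approach has to run on every Smart Proxy that holds a known_hosts file for the deleted host.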