diff --git a/cmd/dkl-local-server/ws-host.go b/cmd/dkl-local-server/ws-host.go
index 2cea621..d428a6f 100644
--- a/cmd/dkl-local-server/ws-host.go
+++ b/cmd/dkl-local-server/ws-host.go
@@ -6,6 +6,7 @@ import (
 	"log"
 	"net/http"
 	"path"
+	"strings"
 
 	restful "github.com/emicklei/go-restful"
 
@@ -138,6 +139,7 @@ func (ws wsHost) register(rws *restful.WebService, alterRB func(*restful.RouteBu
 
 		// ssh
 		b("ssh.pub").Produces("text/plain").Doc("Get the " + ws.hostDoc + "'s ssh public keys"),
+		b("known_hosts").Produces("text/plain").Doc("Get the " + ws.hostDoc + "'s ssh known_hosts fragment"),
 	} {
 		alterRB(rb)
 		rws.Route(rb)
@@ -261,6 +263,8 @@ func renderHost(w http.ResponseWriter, r *http.Request, what string, host *local
 
 	case "ssh.pub":
 		err = renderSshPub(w, ctx)
+	case "known_hosts":
+		err = renderKnownHosts(w, ctx)
 
 	default:
 		http.NotFound(w, r)
@@ -286,3 +290,31 @@ func renderSshPub(w http.ResponseWriter, ctx *renderContext) (err error) {
 	_, err = w.Write(buf.Bytes())
 	return
 }
+
+func renderKnownHosts(w http.ResponseWriter, ctx *renderContext) (err error) {
+	buf := new(bytes.Buffer)
+
+	names := append([]string{ctx.Host.Name},
+		ctx.Host.IPs...)
+
+	for _, name := range names {
+		for _, t := range sshKeyTypes {
+			k, err := ctx.sshHostKeyPair(t)
+			if err != nil {
+				return err
+			}
+
+			fields := strings.Fields(k.Public)
+
+			buf.WriteString(name)
+			buf.WriteByte(' ')
+			buf.WriteString(fields[0])
+			buf.WriteByte(' ')
+			buf.WriteString(fields[1])
+			buf.WriteByte('\n')
+		}
+	}
+
+	_, err = w.Write(buf.Bytes())
+	return
+}