Standard practice would be to display the ssh key's fingerprint and ask the user to validate it before importing it automatically.
Standard practice would be to display the ssh key's fingerprint and ask the user to validate it before importing it automatically.