diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py
index 86d37ee6e..a2879c4ca 100644
--- a/kayobe/cli/commands.py
+++ b/kayobe/cli/commands.py
@@ -239,6 +239,13 @@ class ControlHostBootstrap(KayobeAnsibleMixin, KollaAnsibleMixin, VaultMixin,
       exists.
     """
 
+    def get_parser(self, prog_name):
+        parser = super(ControlHostBootstrap, self).get_parser(prog_name)
+        group = parser.add_argument_group("Host Bootstrap")
+        group.add_argument("--add-known-hosts", action='store_true',
+                           help="add SSH known hosts entries for each host")
+        return parser
+
     def take_action(self, parsed_args):
         self.app.LOG.debug("Bootstrapping Kayobe Ansible control host")
         ansible.install_galaxy_roles(parsed_args)
@@ -268,6 +275,11 @@ class ControlHostBootstrap(KayobeAnsibleMixin, KollaAnsibleMixin, VaultMixin,
             self.run_kayobe_playbooks(parsed_args, playbooks,
                                       ignore_limit=True)
 
+        if parsed_args.add_known_hosts:
+            self.app.LOG.debug("Adding to known_hosts")
+            playbooks = _build_playbook_list("ssh-known-host")
+            self.run_kayobe_playbooks(parsed_args, playbooks)
+
 
 class ControlHostUpgrade(KayobeAnsibleMixin, VaultMixin, Command):
     """Upgrade the Kayobe control environment.
diff --git a/releasenotes/notes/ssh-known-hosts-on-control-host-bootstrap-3b9cfb3ff7ef47f6.yaml b/releasenotes/notes/ssh-known-hosts-on-control-host-bootstrap-3b9cfb3ff7ef47f6.yaml
new file mode 100644
index 000000000..e37e460ae
--- /dev/null
+++ b/releasenotes/notes/ssh-known-hosts-on-control-host-bootstrap-3b9cfb3ff7ef47f6.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Adds the ``--add-known-hosts`` option to control host bootstrap. This will add
+    SSH known hosts entries for each host. This should provide a way around
+    the issues described in `story 2001670
+    <https://storyboard.openstack.org/#!/story/2001670>`__.