From Issue5674. We have a /vsm/ssh_hostname parameter, that specifies the host to run ssh-keyscan against, but we do not have a /vsm/ssh_port parameter. This means that if SSH is not running on port 22, the host keys cannot be fetched.
*** Bug 2937 has been marked as a duplicate of this bug. ***
Another thing that we should consider when solving this is that tl-setup's firewall module assumes that the SSH server runs on port 22. The attached patch wouldn't solve that problem.