diff --git a/docker/Dockerfile.flux b/docker/Dockerfile.flux
index d1dd76404..2aa23fcca 100644
--- a/docker/Dockerfile.flux
+++ b/docker/Dockerfile.flux
@@ -6,11 +6,10 @@ RUN apk add --no-cache openssh ca-certificates tini 'git>=2.3.0' gnupg
 
 # Add git hosts to known hosts file so we can use
 # StrickHostKeyChecking with git+ssh
-RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com >> /etc/ssh/ssh_known_hosts
-
-# Verify newly added known_hosts (man-in-middle mitigation)
 ADD ./verify_known_hosts.sh /home/flux/verify_known_hosts.sh
-RUN sh /home/flux/verify_known_hosts.sh /etc/ssh/ssh_known_hosts && rm /home/flux/verify_known_hosts.sh
+RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com >> /etc/ssh/ssh_known_hosts && \
+ sh /home/flux/verify_known_hosts.sh /etc/ssh/ssh_known_hosts && \
+ rm /home/flux/verify_known_hosts.sh
 
 # Add default SSH config, which points at the private key we'll mount
 COPY ./ssh_config /etc/ssh/ssh_config
diff --git a/docker/Dockerfile.helm-operator b/docker/Dockerfile.helm-operator
index 5f6a6939b..cf3dd0c2d 100644
--- a/docker/Dockerfile.helm-operator
+++ b/docker/Dockerfile.helm-operator
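Review bot: The merged `RUN` in the docker/Dockerfile.flux hunk no longer carries any comment explaining why the key scan and the check are chained, because the removed `# Verify newly added known_hosts (man-in-middle mitigation)` line was not replaced. The change appears to ensure that an unverified `/etc/ssh/ssh_known_hosts` is never committed as a layer of its own, so I would say so above the `ADD`, e.g. `# Scan and verify in a single layer so unverified host keys are never committed or cached (man-in-the-middle mitigation)`, which also discourages splitting the step again later. The same applies to the matching hunk in docker/Dockerfile.helm-operator. The context comment in both hunks also spells the option `StrickHostKeyChecking`; the OpenSSH name is `StrictHostKeyChecking`.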
@@ -6,14 +6,14 @@ RUN apk add --no-cache openssh ca-certificates tini 'git>=2.3.0'
 
 # Add git hosts to known hosts file so we can use
 # StrickHostKeyChecking with git+ssh
-RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com >> /etc/ssh/ssh_known_hosts
+ADD ./verify_known_hosts.sh /home/flux/verify_known_hosts.sh
+RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com >> /etc/ssh/ssh_known_hosts && \
+ sh /home/flux/verify_known_hosts.sh /etc/ssh/ssh_known_hosts && \
+ rm /home/flux/verify_known_hosts.sh
+
 # Add default SSH config, which points at the private key we'll mount
 COPY ./ssh_config /etc/ssh/ssh_config
 
-# Verify newly added known_hosts (man-in-middle mitigation)
-ADD ./verify_known_hosts.sh /home/flux/verify_known_hosts.sh
-RUN sh /home/flux/verify_known_hosts.sh /etc/ssh/ssh_known_hosts && rm /home/flux/verify_known_hosts.sh
-
 COPY ./kubectl /usr/local/bin/
 # The Helm client is included as a convenience for troubleshooting
 COPY ./helm /usr/local/bin/
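Review bot: The added `ADD ./verify_known_hosts.sh /home/flux/verify_known_hosts.sh` copies a plain local file, for which `COPY` is the explicit instruction. `ADD` also unpacks local archives and can fetch URLs, neither of which is wanted for a script that gates trust in host keys, so I would write `COPY ./verify_known_hosts.sh /home/flux/verify_known_hosts.sh`. The unchanged `ADD` line in the docker/Dockerfile.flux hunk has the same form. Note also that the `rm` at the end of the `RUN` only removes the script from the final filesystem view; it stays in the layer created by `ADD`, which is harmless only if the script holds nothing beyond public fingerprints (its contents are not visible here).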