Since you want your script to blindly continue connecting to newly-known SSH hosts without verifying that the host key is intact (an analogy: getting a person's PGP key from a keyserver and not verifying any signatures on it as opposed to meeting privately to exchange keys), you might as well add -o "StrictHostKeyChecking no" to scp and get rid of the first question.

As for the password, you can change your public SSH key once in 15 days as well. Just make sure to first upload the new one and then switch your client to use it, not otherwise.