How to accept ssh host keys automatically on Linux

When you connect to a ssh server for the first time, you will be shown a fingerprint, a hash of its full host key, and asked to confirm its validity, and accept the host key. Once confirmed, the host key will be added to ~/.ssh/known_hosts file. However, in a controlled environment where the authenticity of ssh hosts is already known, you may want to automatically accept a new host key without checking. This will be useful when you ssh/scp in a non-interactive batch processing script.

In this post, I will describe how to automatically accept ssh host keys on Linux.

The ssh command allows you to use "-oStrictHostKeyChecking=[yes|no]" command line option to enable or disable ssh host key checking. To ssh without strict host key checking, run the following.

$ ssh -oStrictHostKeyChecking=no user@remote_host

In this case, you will not be prompted to accept a host key. Note that you may still see "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" message if the host key does not match with a previously added host key of the same host. If you don't want any such warning, you can use "-oUserKnownHostsFile=/dev/null" option, which makes ssh not use ~/.ssh/known_hosts, and so makes such warnings disappear.

$ ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null user@remote_host

If you want to disable strict host key checking permanently in ssh, you can use ssh configuration (i.e., ~/.ssh/config or /etc/ssh/ssh_config). In this case, you can selectively disable ssh host key checking for particular hosts. For example, add the following to either ~/.ssh/config or /etc/ssh/ssh_config.

To disable host key checking for a particular host (e.g., remote_host.com):

Host remote_host.com
    StrictHostKeyChecking no

To turn off host key checking for all hosts you connect to:

Host *
    StrictHostKeyChecking no

To avoid host key verification, and not use known_hosts file for 192.168.1.* subnet:

Host 192.168.0.*
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null

Subscribe to Xmodulo

Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.

The following two tabs change content below.
Dan Nanni is the founder and also a regular contributor of Xmodulo.com. He is a Linux/FOSS enthusiast who loves to get his hands dirty with his Linux box. He likes to procrastinate when he is supposed to be busy and productive. When he is otherwise free, he likes to watch movies and shop for the coolest gadgets.

Leave a comment

Your email address will not be published. Required fields are marked *

Current ye@r *