When you connect to a ssh server for the first time, you will be shown a fingerprint, a hash of its full host key, and asked to confirm its validity, and accept the host key. Once confirmed, the host key will be added to ~/.ssh/known_hosts file. However, in a controlled environment where the authenticity of ssh hosts is already known, you may want to automatically accept a new host key without checking. This will be useful when you ssh/scp in a non-interactive batch processing script.
In this post, I will describe how to automatically accept ssh host keys on Linux.
The ssh command allows you to use "-oStrictHostKeyChecking=[yes|no]" command line option to enable or disable ssh host key checking. To ssh without strict host key checking, run the following.
In this case, you will not be prompted to accept a host key. Note that you may still see "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" message if the host key does not match with a previously added host key of the same host. If you don't want any such warning, you can use "-oUserKnownHostsFile=/dev/null" option, which makes ssh not use ~/.ssh/known_hosts, and so makes such warnings disappear.
If you want to disable strict host key checking permanently in ssh, you can use ssh configuration (i.e., ~/.ssh/config or /etc/ssh/ssh_config). In this case, you can selectively disable ssh host key checking for particular hosts. For example, add the following to either ~/.ssh/config or /etc/ssh/ssh_config.
To disable host key checking for a particular host (e.g., remote_host.com):
Host remote_host.com StrictHostKeyChecking no
To turn off host key checking for all hosts you connect to:
Host * StrictHostKeyChecking no
To avoid host key verification, and not use known_hosts file for 192.168.1.* subnet:
Host 192.168.0.* StrictHostKeyChecking no UserKnownHostsFile=/dev/null
Subscribe to Xmodulo
Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.
Did you find this tutorial helpful? Then please be generous and support Xmodulo!
Latest posts by Dan Nanni (see all)
- How to install Suricata intrusion detection system on Linux - September 3, 2015
- How to switch from NetworkManager to systemd-networkd on Linux - August 31, 2015
- How to set up a system status page of your infrastructure - August 25, 2015