Internal

• ssh

Overview

The ssh client verifies the identity of the host it connects to, by checking its host key. If the remote host is not known to your system - meaning that its host key is not present in ~/.ssh/known_hosts, the ssh client interactively asks you to accept the host key's to be written into the file:

The authenticity of host '[192.168.1.8]:22 ([192.168.1.8]:22)' can't be established.
ECDSA key fingerprint is 83:59:aa:33:10:98:48:f9:12:96:c4:e3:c2:75:50:b6.
Are you sure you want to continue connecting (yes/no)? yes

When run interactively this is usually not a problem, but the behavior could cause problems when ssh is run from a script, so there are situations when we want to inhibit this behavior, by disabling key checking.

Bypass the Interactive Challenge

You can instruct the ssh client to skip the "Are you sure ..." interactive phase and write the key into ~/.ssh/known_hosts without asking.

This is done as follows:

ssh -o "StrictHostKeyChecking=no" ...

This method works if the remote host is the first seen on your system, or its host key has not changed. However, if the host key has changed, ssh will issue a warning:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
*****
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:10
RSA host key for ***** has changed and you have requested strict checking.
Host key verification failed.