HowTo: Disable SSH Host Key Checking

By default, the SSH client verifies the identity of the host to which it connects.

If the remote host key is unknown to your SSH client, you would be asked to accept it by typing "yes" or "no".

This could cause a trouble when running from script that automatically connects to a remote host over SSH protocol.

This article explains how to bypass this verification step by disabling host key checking.

The Authenticity Of Host Can't Be Established

When you log into a remote host that you have never connected before, the remote host key is most likely unknown to your SSH client, and you would be asked to confirm its fingerprint:

The authenticity of host ***** can't be established.
RSA key fingerprint is *****.
Are you sure you want to continue connecting (yes/no)?

If your answer is yes, the SSH client continues login, and stores the host key locally in the file ~/.ssh/known_hosts.

If you would like to bypass this verification step, you can set the "StrictHostKeyChecking" option to "no" on the command line:

$ ssh -o "StrictHostKeyChecking=no" user@host

This option disables the prompt and automatically adds the host key to the ~/.ssh/known_hosts file.

Remote Host Identification Has Changed

However, even with "StrictHostKeyChecking=no", you may be refused to connect with the following warning message:

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for ***** has changed and you have requested strict checking.
Host key verification failed.

If you are sure that it is harmless and the remote host key has been changed in a legitimate way, you can skip the host key checking by sending the key to a null known_hosts file:

$ ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" user@host

You can also set these options permanently in ~/.ssh/config (for the current user) or in /etc/ssh/ssh_config (for all users), either for all hosts or for a given set of IP addresses:

Disable SSH Host Key Checking For All Hosts

Host *
   StrictHostKeyChecking no

Disable SSH Host Key Checking For

Host 192.168.0.*
   StrictHostKeyChecking no