How can I avoid SSH's host verification for known hosts?
I get the following prompt everytime I try to connect a server using SSH. I type "yes", but is there a way to aovid this?
The authenticity of host '111.222.333.444 (111.222.333.444)' can't be established.
RSA key fingerprint is f3:cf:58:ae:71:0b:c8:04:6f:34:a3:b2:e4:1e:0c:8b.
Are you sure you want to continue connecting (yes/no)?
Solution 1:
Use the -o
option,
ssh -o "StrictHostKeyChecking no" user@host
Solution 2:
Add the following lines to the beginning of /etc/ssh/ssh_config
...
Host 192.168.0.*
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
Options:
- The Host subnet can be
*
to allow unrestricted access to all IPs. - Edit
/etc/ssh/ssh_config
for global configuration or~/.ssh/config
for user-specific configuration.
See http://linuxcommando.blogspot.com/2008/10/how-to-disable-ssh-host-key-checking.html
Solution 3:
You should only get this the first time you connect to a new host. After you respond yes
the host gets stored in ~/.ssh/known_hosts
and you won't get prompted the next time you connect.
Note that if ~/.ssh/known_hosts
can not be written for any reason (e.g. permissions problem) then you will get prompted every time you connect.
Solution 4:
The best way (because it does not sacrifice security) is to connect once to all computers from one client (you'll be prompted every time, always answer yes). As pointed out in the other answer, the keys will then be stored in ~/.ssh/known_hosts. Then copy this file to every client computer you might later want to connect from (possibly for each user account you use). Then all these accounts will "know" the computers, hence no prompt.
The advantage over just disabling the prompt is that SSH can actually check if there is a MITM attack.
Solution 5:
If you want to disable the confirmation, rather than the authentication, you can use the option: "-o CheckHostIP=no"
ssh -i sergeys_rsa_key.pem -o CheckHostIP=no [email protected]