How to disable strict host key checking in ssh?

I would like to disable strict host key checking in ssh for Ubuntu 11.04. How to do it?


Solution 1:

In your ~/.ssh/config (if this file doesn't exist, just create it):

Host *
    StrictHostKeyChecking no

This will turn it off for all hosts you connect to. You can replace the * with a hostname pattern if you only want it to apply to some hosts.

Make sure the permissions on the file restrict access to yourself only:

sudo chmod 400 ~/.ssh/config

Solution 2:

Rather than adding it to your ~/.ssh/config file for all Host *, it would be a safer to specify a particular host.

You can also pass a parameter on the command-line like this:

ssh -o StrictHostKeyChecking=no yourHardenedHost.com

This will automatically add the host key to your known_hosts file if it's not already there.

If there's a mismatch, it will display a big warning and not update known_hosts. It will also disable password-based authentication to prevent MITM attacks. Private key authentication will still automatically get through though, which you may not want.