30

How do I skip the "known_host" question the first time I connect to a machine via SSH with public/private keys?

8 Answers

65

All the other current answers are missing the UserKnownHostsFile=/dev/null

If you just want to do it once you can use:

ssh -o StrictHostKeychecking=no hostname

If you want to do it repeatedly, you should add something like the following to your ~/.ssh/config:

Host 192.168.0.*
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null

To configure this on OpenSSH for Windows simply replace /dev/null with NUL.

Good explanation from: http://linuxcommando.blogspot.com/2008/10/how-to-disable-ssh-host-key-checking.html

Gili
  • 1,901
16

Turn StrictHostKeyChecking off via ssh_config or command line options.

chaos
  • 1,689
4

This took me a while to find. The most common use case I've seen is when you've got ssh tunnels to remote networks. All the solutions here produced warnings which broke my scripts (nagios).

The option I needed was:

NoHostAuthenticationForLocalhost yes

Which, as the name suggests, also only applies to localhost.

richo
  • 379
3

You can get the public key, add it to known_hosts file and then rehash it:

ssh-keyscan -t rsa hostname >> ~/.ssh/known_hosts
ssh-keygen -H
rm ~/.ssh/known_hosts.old

egridasov
  • 131
2

$ ssh -o StrictHostKeychecking=no hostname

This will cause the check to be skipped and the remote host's key to automatically be added on first login. (There's also the option CheckHostIP, but it doesn't seem to actually disable the check for whether a key exists at all).

Nelson
  • 2,649
1

You can disable the checking, but of course that is less secure. In an ideal situation what you should do is get someone that already has access to the machine to grab its public host key and tell ssh to use it. i.e.: take the output of:

cat /etc/ssh/ssh_host_rsa_key.pub

prepend the hostname of the machine, and add that line to the ~/.ssh/known_hosts file on your machine. You'll end up with something that looks like:

myhost.example.com ssh-rsa AAAAB3Netc...

Alternately, if you just want to grab the fingerprint of the key, which may be easier to transfer over a limited bandwidth channel (like a phone call), you can have your helper run:

ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
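
The check this answer describes, as an added example that is not part of the original answer: it computes the SHA256 fingerprint of a public key line, compares it with the fingerprint received out of band, and only then produces the known_hosts entry. The function names are hypothetical and the sample key is constructed dummy data, not a real host key.

```python
import base64
import hashlib
import struct

def parse_pubkey_line(line):
    """Split an OpenSSH public key line ("type base64 [comment]") and decode the blob."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; check it agrees.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    return key_type, b64, blob

def sha256_fingerprint(blob):
    """Fingerprint in the SHA256:<unpadded base64> form printed by ssh-keygen -lf."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def pinned_known_hosts_line(hostname, pubkey_line, expected_fp):
    """Return a known_hosts entry only if the key matches the out-of-band fingerprint."""
    key_type, b64, blob = parse_pubkey_line(pubkey_line)
    actual = sha256_fingerprint(blob)
    if actual != expected_fp.strip():
        raise ValueError(f"fingerprint mismatch for {hostname}: got {actual}")
    return f"{hostname} {key_type} {b64}"

def constructed_key(seed):
    """Constructed sample: an ssh-ed25519 shaped blob with dummy key bytes."""
    name, raw = b"ssh-ed25519", bytes([seed]) * 32
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " root@myhost"

if __name__ == "__main__":
    host = "myhost.example.com"          # hostname taken from the answer's example
    scanned = constructed_key(0x11)      # stands in for the key line you were sent
    # Stands in for the fingerprint the helper read out from ssh-keygen -lf.
    read_out = sha256_fingerprint(parse_pubkey_line(scanned)[2])
    print(pinned_known_hosts_line(host, scanned, read_out))
    try:
        pinned_known_hosts_line(host, constructed_key(0x22), read_out)
    except ValueError as err:
        print("rejected:", err)
```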

0

If you just want to temporarily disable host checking, so you can log into a LiveCD system, for instance, rename ~/.ssh/known_hosts to something else, and then change it back when you're done.

endolith
  • 7,704
-3

  1. Add "StrictHostKeyChecking no" to /etc/ssh/ssh_config
  2. cd ~/.ssh
  3. rm known_hosts
  4. ln -s /dev/null known_hosts

Bingo