How to Disable SSH Host Key Check on Linux – Ubuntu / Debian / CentOS / Fedora

In this article, you will learn how to disable SSH host key checking on Linux computers (Ubuntu / Debian / CentOS / Fedora / Arch and other systems running Linux). During host key checking, ssh consults a database that contains the identities of all hosts it has connected to. It keeps the host keys in ~/.ssh/known_hosts, a file located in the user’s home directory.

$ ls -1 ~/.ssh/
authorized_keys
config
id_rsa
id_rsa.pub
known_hosts

When the identity of a host changes, the ssh client warns about it and disables password authentication to prevent man-in-the-middle attacks and server spoofing.

The parameter that controls this behavior is StrictHostKeyChecking. It has three possible values:

  • yes: If set to “yes”, ssh will never automatically add host keys to the ~/.ssh/known_hosts file and refuses to connect to hosts whose host key has changed.
  • no: If set to “no”, ssh will automatically add new host keys to the user’s known hosts file.
  • ask: If set to “ask” (default), new host keys will be added to the user’s known hosts file only after the user confirms the operation, and ssh will refuse to connect to hosts whose host key has changed.

To disable SSH host key checking on Linux, StrictHostKeyChecking must be set to no, with UserKnownHostsFile pointed at /dev/null so that no host keys are recorded.

If you don’t have an SSH key yet, generate one. Setting a passphrase is optional.

$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/debian/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/debian/.ssh/id_rsa.
Your public key has been saved in /home/debian/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/2A71cIaTTuuDJ6C2gatFk5/6WAq3JyLCfppkAfdQzM [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|    E            |
| . o o           |
|. . o       .    |
| o . .  S  + o   |
|o = .    .. B .  |
|o=o=+. .. += o   |
|+.BO+.+. =o+.    |
|.B=+oo..o +o.    |
+----[SHA256]-----+

The ssh directory of the local user is ~/.ssh

$ ls -1  ~/.ssh
authorized_keys
id_rsa
id_rsa.pub

Make sure the files have the correct permissions.

for file in authorized_keys id_rsa; do
 chmod 0400 ~/.ssh/${file}
done

Create a local ssh configuration file.

touch ~/.ssh/config

Add the following settings to the file you created.

cat << EOF > ~/.ssh/config
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
EOF

Set the correct permissions for the file.

chmod 0400 ~/.ssh/config

You should be able to log in without checking the SSH host key.

$ ssh [email protected]
Warning: Permanently added '10.1.1.11' (ECDSA) to the list of known hosts.
Enter passphrase for key '/home/centos/.ssh/id_rsa': 
Linux deb10 4.19.0-5-cloud-amd64 #1 SMP Debian 4.19.37-5+deb10u2 (2019-08-08) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Sep 17 17:35:34 2019 from 10.1.1.10
[email protected]:~$ 
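
To see which Host blocks in a configuration file carry the settings shown above, the following added example (not part of the original article) parses ssh_config syntax and lists every block that sets StrictHostKeyChecking to no or sends UserKnownHostsFile to /dev/null. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): list the Host blocks in an
# ssh_config file that switch off host key verification.
# Function names and the sample configuration are constructed.

# audit_ssh_config [FILE...]   (reads stdin when no file is given)
# Output, one line per affected block: patterns|StrictHostKeyChecking|UserKnownHostsFile
audit_ssh_config() {
    awk '
    function report() {
        # "off" is accepted by OpenSSH as a synonym for "no".
        if (strict == "no" || strict == "off" || khf == "/dev/null")
            printf "%s|%s|%s\n", host, (strict == "" ? "-" : strict), (khf == "" ? "-" : khf)
    }
    BEGIN { host = "(global)" }   # options placed before the first Host line
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next          # blank line or comment
        # Keyword and value are separated by whitespace or a single "=".
        if (!match(line, /[ \t]*=[ \t]*|[ \t]+/)) next
        key = tolower(substr(line, 1, RSTART - 1))   # keywords are case-insensitive
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (key == "host" || key == "match") {
            report()
            host = (key == "match" ? "Match " : "") val
            strict = ""; khf = ""
        } else if (key == "stricthostkeychecking" && strict == "") {
            strict = tolower(val)                    # first value in a block wins
        } else if (key == "userknownhostsfile" && khf == "") {
            khf = val
        }
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the wildcard block from this article plus two scoped blocks.
sample_config() {
    printf '%s\n' '# constructed sample' \
        'Host lab-*' '    StrictHostKeyChecking no' '    UserKnownHostsFile=/dev/null' \
        'Host bastion' '    StrictHostKeyChecking yes' \
        'Host *' '    StrictHostKeyChecking no' '    UserKnownHostsFile=/dev/null'
}

sample_config | audit_ssh_config
```

Run it against a real file with `audit_ssh_config ~/.ssh/config`. For a single destination, `ssh -G <host>` prints the options ssh would actually apply after evaluating all blocks.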
