How to Disable SSH Host Key Check on Linux – Ubuntu / Debian / CentOS / Fedora
In this article, you will learn to disable SSH host key checking on Linux computers (Ubuntu / Debian / CentOS / Fedora / Arch and other systems running Linux). For the SSH host key check, ssh consults a database that contains the identities of all hosts that have been visited. It keeps the host keys in ~/.ssh/known_hosts, a file located in the user’s home directory.
$ ls -1 ~/.ssh/
authorized_keys
config
id_rsa
id_rsa.pub
known_hosts
When the identity of the host changes, the ssh client warns about this and disables password authentication to ensure that no man-in-the-middle attacks or server spoofing will occur.
The parameter that controls this behaviour is StrictHostKeyChecking. It has three possible values:
- yes: If set to “yes”, ssh will never automatically add host keys to the ~/.ssh/known_hosts file and will refuse to connect to hosts whose host key has changed.
- no: When set to “no”, ssh will automatically add new host keys to the user’s known hosts file.
- ask: If set to “ask” (default), new host keys will be added to the user’s known hosts file only after the user confirms the operation, and ssh will refuse to connect to hosts whose host key has changed.
To disable SSH host key checking on Linux, the value must be set to no, with UserKnownHostsFile redirected to /dev/null.
If you don’t have an SSH key yet, generate one. Setting a passphrase is optional.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/debian/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/debian/.ssh/id_rsa.
Your public key has been saved in /home/debian/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/2A71cIaTTuuDJ6C2gatFk5/6WAq3JyLCfppkAfdQzM [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| |
| E |
| . o o |
|. . o . |
| o . . S + o |
|o = . .. B . |
|o=o=+. .. += o |
|+.BO+.+. =o+. |
|.B=+oo..o +o. |
+----[SHA256]-----+
The local user’s ssh directory is ~/.ssh:
$ ls -1 ~/.ssh
authorized_keys
id_rsa
id_rsa.pub
Make sure the files have the correct permissions.
for file in authorized_keys id_rsa; do
chmod 0400 ~/.ssh/${file}
done
Create a local ssh configuration file.
touch ~/.ssh/config
Add the following settings to the file you created.
cat << EOF > ~/.ssh/config
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
EOF
Set the correct permissions on the file.
chmod 0400 ~/.ssh/config
You should be able to log in without checking the SSH host key.
$ ssh [email protected]
Warning: Permanently added '10.1.1.11' (ECDSA) to the list of known hosts.
Enter passphrase for key '/home/centos/.ssh/id_rsa':
Linux deb10 4.19.0-5-cloud-amd64 #1 SMP Debian 4.19.37-5+deb10u2 (2019-08-08) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Sep 17 17:35:34 2019 from 10.1.1.10
[email protected]:~$
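To check which Host patterns in a client configuration carry the two settings used above, the following shell function scans a config and reports every block that sets StrictHostKeyChecking to no or points UserKnownHostsFile at /dev/null. It is an added example, not part of the original article; the function names, the host pattern build-*.example.test, the known_hosts_build path and the message wording are assumptions, and the sample configuration is constructed.

```shell
#!/bin/sh
# audit_hostkey_config [FILE...]: list the Host/Match blocks of an ssh client
# config that turn host key checking off. Reads stdin when no file is given.
# (Hypothetical helper name; not an OpenSSH tool.)
audit_hostkey_config() {
    awk '
    BEGIN { scope = "(before first Host)" }
    {
        line = $0
        sub(/^[ \t]+/, "", line)                  # drop indentation
        if (line == "" || line ~ /^#/) next       # skip blanks and comments
        # ssh_config separates keyword and value by whitespace or one "="
        if (!match(line, /[ \t]*=[ \t]*|[ \t]+/)) next
        key = tolower(substr(line, 1, RSTART - 1))    # keywords are case-insensitive
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val); gsub(/"/, "", val)   # trim, unquote
        if (key == "host" || key == "match") { scope = line; next }
        if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off|false)$/)
            print scope ": StrictHostKeyChecking " val ", new host keys are added without asking"
        if (key == "userknownhostsfile" && val == "/dev/null")
            print scope ": UserKnownHostsFile /dev/null, added keys are never kept"
    }' "$@"
}

# Constructed sample: a scoped block that keeps checking on, followed by the
# wildcard block from the article (ssh uses the first value it obtains).
sample_config() {
    cat <<'EOF'
Host build-*.example.test
    StrictHostKeyChecking ask
    UserKnownHostsFile ~/.ssh/known_hosts_build

Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
EOF
}

sample_config | audit_hostkey_config
```

Run it against a real file with `audit_hostkey_config ~/.ssh/config`; no output means neither setting was found.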