How do I skip the "known_host" question the first time I connect to a machine via SSH with public/private keys?
Solution 1
All the other current answers are missing the UserKnownHostsFile=/dev/null
If you just want to do it once you can use:
ssh -o StrictHostKeychecking=no hostname
If you want to do it repeatedly you should add something like the following to your ~/.ssh/config
Host 192.168.0.*
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
To configure this on OpenSSH for Windows simply replace /dev/null with NUL.
Good explanation from: http://linuxcommando.blogspot.com/2008/10/how-to-disable-ssh-host-key-checking.html
Solution 2
Turn StrictHostKeyChecking off via ssh_config or command line options.
Solution 3
You can get the public key, add it to known_hosts file and then rehash it:
ssh-keyscan -t rsa hostname >> .ssh/known_hosts
ssh-keygen -H
rm .ssh/known_hosts.old
Solution 4
This took me a while to find. The most common usecase I've seen is when you've got ssh tunnels to remote networks. All the solutions here produced warnings which broke my scripts (nagios).
The option I needed was:
NoHostAuthenticationForLocalhost yes
Which, as the name suggests also only applies to localhost.
Solution 5
$ ssh -o StrictHostKeychecking=no hostname
This will cause the check to be skipped and the remote host's key to automatically be added on first login. (There's also the option CheckHostIP, but it doesn't seem to actually disable the check for whether a key exists at all).
Related videos on Youtube
15 : 46
08 : 26
06 : 14
10 : 12
18 : 46
Admin
Updated on September 17, 2022Comments
-
Admin over 1 year
How do I skip the "known_host" question the first time I connect to a machine via SSH with public/private keys?
-
Jason Axelson about 6 yearsWhy was this marked as the duplicate when it predates the other question?
-
-
Doug Harris over 14 years/etc/ssh/ssh_config or ~/.ssh/config --- or whatever the equivalent is on windows if that's your client platform
-
metavida about 12 yearsI also like to use UserKnownHostsFile so that the signature isn't remembered on my system. A nice trick:
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeychecking=no hostname -
vonbrand about 11 yearsYou do know what kind of attack this question is supposed to prevent, do you?
-
Adam Lewis over 8 yearsI've been hunting for away to filter out a subnet for months (not actively), this is exactly what I've been wanting. We have a small development network with dhcp and our devices are always getting new IP address, this making connecting to them MUCH easier. Thanks!
-
nethero about 3 yearsThis answer should be nuked back to the stone age and wiped from existence. Can someone actually delete it?
