How to automatically accept the remote key when rsyncing?
Solution 1
If they genuinely are new hosts, and you can't add the keys to known_hosts
beforehand (see Yorik.sar's answer), then you can use this option:
-e "ssh -o StrictHostKeyChecking=no"
Solution 2
You can add this host's key to known_hosts beforehand like this:
ssh-keyscan $someip >> ~/.ssh/known_hosts
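Added example, not part of the original answers: a variant of Solution 2 that appends the scanned key only when it matches a key obtained over a trusted channel, so the scan itself is not what establishes trust. The function name `verify_and_pin`, the `EXPECTED` variable and the file paths are assumptions, and it assumes unhashed known_hosts entries with one host per line.

```shell
#!/bin/sh
# Added example: pin a scanned host key only if it matches an expected key.
# verify_and_pin and EXPECTED are hypothetical names, not from the page.
#
# verify_and_pin HOST SCAN_FILE EXPECTED_KEY KNOWN_HOSTS
#   SCAN_FILE     output of: ssh-keyscan -t ed25519 "$host" > scan_file
#   EXPECTED_KEY  "keytype base64blob" from a trusted source (assumption)
# Returns 0 = pinned or already present
#         1 = scanned key does not match the expected key
#         2 = known_hosts already holds a different key for this host
verify_and_pin() {
    host=$1 scan=$2 expected=$3 known=$4
    want="$host $expected"

    # The scan must contain exactly the expected key for this host.
    if ! grep -Fxq -- "$want" "$scan"; then
        echo "refusing: scanned key for $host does not match expected key" >&2
        return 1
    fi

    touch "$known" && chmod 600 "$known"

    # Already pinned: keep the file unchanged (no duplicate lines).
    if grep -Fxq -- "$want" "$known"; then
        return 0
    fi

    # Same host and key type with a different blob means the key changed.
    keytype=${expected%% *}
    if awk -v h="$host" -v t="$keytype" \
        '$1 == h && $2 == t { found = 1 } END { exit !found }' "$known"; then
        echo "refusing: $known holds a different $keytype key for $host" >&2
        return 2
    fi

    printf '%s\n' "$want" >> "$known"
}

# Usage (needs network, so left commented out):
#   ssh-keyscan -t ed25519 "$someip" > /tmp/scan 2>/dev/null
#   verify_and_pin "$someip" /tmp/scan "$EXPECTED" ~/.ssh/known_hosts &&
#     rsync -v -e "ssh -o StrictHostKeyChecking=yes" * "root@$someip:/data/"
```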
Solution 3
I know that this was asked 3 years ago, but this was at the top of my Google search and I was unable to get either of these solutions in the middle of a Vagrant script to work correctly for me. So I wanted to put here the method that I found somewhere else.
The solution there talks about updating the ~/.ssh/config or /etc/ssh/ssh_config file with the following blocks of code.
To disable host key checking for a particular host (e.g., remote_host.com):
Host remote_host.com
    StrictHostKeyChecking no
To turn off host key checking for all hosts you connect to:
Host *
    StrictHostKeyChecking no
To avoid host key verification, and not use known_hosts file for 192.168.1.* subnet:
Host 192.168.0.*
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
I hope this helps someone else who runs into this issue.
Bravo Delta
Updated on July 06, 2021
Comments
-
Bravo Delta almost 3 years
I'm attempting to make a system which automatically copies files from one server to many servers. As part of that I'm using rsync and installing SSH keys, which works correctly.
My problem is that when it attempts to connect to a new server for the first time it will ask for a confirmation. Is there a way to automatically accept?
Example command/output:
rsync -v -e ssh * root@someip:/data/
The authenticity of host 'someip (someip)' can't be established.
RSA key fingerprint is somerandomrsakey.
Are you sure you want to continue connecting (yes/no)? yes
-
Elisiano Petrini almost 11 years
more specifically: -o StrictHostKeyChecking=no (or edit either /etc/ssh/ssh_config or ~/.ssh/config)
-
Yorik.sar about 10 years
This approach lessens security. One should not use that unless there's no other way (e.g. IP and hostname of the target constantly changing).
-
mxmader about 10 years
this actually answers the OP's question, instead of working around it (and arguably circumventing the entire point of using host keys to identify systems using SSH)
-
Andy Baker about 9 years
@mxmader - how does it differ? You're still automatically saying yes to "I trust this key" - aren't they equally bad?
-
Yorik.sar about 9 years
@andybak: It doesn't turn off host key verification, so you're safe from MITM or smth like that unless your network has already been compromised at the time of ssh-keyscan.
-
Dave Rix over 8 years
We need to use this method (or removal and adding the key with ssh-keygen -R and ssh-keyscan -H) as our hosts are on AWS and are destroyed each night, then rebuilt each morning - there seems to be no other way that I can find to stop the 'man in the middle' warning thrown by ssh!
-
nmgeek about 7 years
-o is not an rsync option. It's an ssh option. For rsync add it like this: -e "ssh -o StrictHostKeyChecking=no".
-
Ken Williams over 5 years
I agree with @AndyBaker - if you're doing this immediately before running the rsync command, it just moves the trust one line earlier.
-
mxmader over 3 years
@AndyBaker not if used only in the case of the "first time" an SSH connection is established as specified by the OP (hence my use of the "file append" operator). For subsequent connections, I agree that the practicality of my answer is logically equivalent to ignoring host keys altogether.