Saturday, November 16, 2024

How To Disable SSH Host Key Checking on Linux


In this article, you'll learn how to disable SSH host key checking on a Linux machine: Ubuntu, Debian, CentOS, Fedora, Arch, or any other system running Linux. With host key checking, ssh consults a database containing the identification of every host it has ever connected to. It keeps these host keys in the ~/.ssh/known_hosts file, located in the user's home directory.

$ ls -1 ~/.ssh/
authorized_keys
config
id_rsa
id_rsa.pub
known_hosts

When a host's identification has changed, the ssh client warns about it and disables password authentication to prevent man-in-the-middle attacks and server spoofing.

The option that controls this behavior is StrictHostKeyChecking. It has three possible values:


  • yes: If set to "yes", ssh will never automatically add host keys to the ~/.ssh/known_hosts file and will refuse to connect to a host whose host key has changed.
  • no: When set to "no", ssh will automatically add new host keys to the user known hosts files.
  • ask: If set to "ask" (the default), new host keys will be added to the user known hosts files only after the user has confirmed the action, and ssh will refuse to connect to hosts whose host key has changed.

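To disable SSH host key checking on Linux, StrictHostKeyChecking has to be set to no and UserKnownHostsFile has to point to /dev/null. With both set, ssh accepts whatever key the server presents and records nothing, so it can no longer detect a changed host key.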

Generate an SSH key pair if you don't have one already. Setting a passphrase is optional.

$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/debian/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): <optional>
Enter same passphrase again: <optional>
Your identification has been saved in /home/debian/.ssh/id_rsa.
Your public key has been saved in /home/debian/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/2A71cIaTTuuDJ6C2gatFk5/6WAq3JyLCfppkAfdQzM debian@deb10
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|    E            |
| . o o           |
|. . o       .    |
| o . .  S  + o   |
|o = .    .. B .  |
|o=o=+. .. += o   |
|+.BO+.+. =o+.    |
|.B=+oo..o +o.    |
+----[SHA256]-----+

The ssh directory for your local user is ~/.ssh.

$ ls -1  ~/.ssh
authorized_keys
id_rsa
id_rsa.pub

Make sure the files have correct permissions.

for file in authorized_keys id_rsa; do
 chmod 0400 ~/.ssh/${file}
done

Create a local ssh configuration file.

touch ~/.ssh/config

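Add the following settings to the newly created configuration file. The > redirection overwrites any existing content of ~/.ssh/config, and Host * applies the settings to every host you connect to.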

cat << EOF > ~/.ssh/config
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
EOF

Set the correct permissions for the file.

chmod 0400 ~/.ssh/config

You should now be able to log in without SSH host key checking.

$ ssh [email protected]
Warning: Permanently added '10.1.1.11' (ECDSA) to the list of known hosts.
Enter passphrase for key '/home/centos/.ssh/id_rsa': 
...
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Sep 17 17:35:34 2019 from 10.1.1.10
debian@deb:~$ 
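
To confirm which hosts the two settings above actually apply to, the following added example (not part of the original article) scans an ssh client configuration file and lists every Host block that sets StrictHostKeyChecking to no or off, or points UserKnownHostsFile at /dev/null. The function name audit_hostkey_checking, the host patterns and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which Host blocks in an ssh client config turn off
# host key verification. One finding per line: <scope><TAB><keyword>=<value>
audit_hostkey_checking() {
    awk '
    BEGIN { scope = "(global)" }                  # settings before any Host line
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (!match(line, /[ \t=]/)) next          # keyword without a value
        key = tolower(substr(line, 1, RSTART - 1))  # keywords are case-insensitive
        val = substr(line, RSTART)
        sub(/^[ \t]*=?[ \t]*/, "", val)           # separator: whitespace and/or one "="
        sub(/[ \t]+$/, "", val)
        gsub(/"/, "", val)                        # values may be double-quoted
        if (key == "host")  { scope = val; next }
        if (key == "match") { scope = "Match " val; next }
        if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/)
            print scope "\tStrictHostKeyChecking=" val
        if (key == "userknownhostsfile" && val == "/dev/null")
            print scope "\tUserKnownHostsFile=" val
    }' "${1:-$HOME/.ssh/config}"
}

# Constructed sample: the article's two settings scoped to lab hosts, one host
# with strict checking, and a global block that also turns checking off.
sample=$(mktemp)
cat > "$sample" << 'EOF'
Host lab-* 10.1.1.*
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
Host bastion
    StrictHostKeyChecking yes
Host *
    stricthostkeychecking = off
EOF
audit_hostkey_checking "$sample"
rm -f "$sample"
```

Run without an argument, the function reads ~/.ssh/config. A finding whose scope is * means host key checking is off for every connection made by that user.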
