Strict host key checking is enabled in SSH by default. When key checking is enabled, the SSH client connects only to hosts that are stored in the known hosts file, ~/.ssh/known_hosts, and sessions to hosts whose keys are not in the known hosts list are rejected.
When running shell scripts, however, we do want to disable the strict host key check.
With the flag ON, SSH rejects host keys from remote servers that are not in the known hosts list; with the flag OFF, it accepts host keys from remote servers, including those not in the known hosts list.
Define a Config File
To disable host checking for all hosts connecting in, add an entry as shown.
Create an empty file at ~/.ssh/config:
vi ~/.ssh/config
For all hosts
Host *
    StrictHostKeyChecking no
Allow root login from one IP address with ssh public keys on it.
Host 172.27.13.20
    StrictHostKeyChecking no
Change the config file to read-only by issuing the command
sudo chmod 400 ~/.ssh/config
Verify sshd configuration
sudo sshd -T
Finally, restart the sshd service
systemctl restart sshd
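To review which entries in a client config turn host key checking off, and whether each applies to one host or to every host, the following added example (not part of the original page) parses ssh_config-style text and lists them. The sample config, the host name build.example.internal and the helper name find_disabled_host_checks are constructed for illustration.

```python
import re

# Constructed sample mirroring the two entries shown above, plus one strict host.
SAMPLE_CONFIG = """\
Host *
    StrictHostKeyChecking no

Host 172.27.13.20
    StrictHostKeyChecking=no

Host build.example.internal
    StrictHostKeyChecking yes
"""

DISABLED_VALUES = {"no", "off"}  # both spellings turn the check off


def find_disabled_host_checks(config_text):
    """Return (patterns, value, broad) for each block that disables the check.

    Hypothetical helper, not an OpenSSH API. 'broad' is True when the setting
    is global, sits in a Match block, or uses a wildcard Host pattern.
    """
    findings = []
    patterns = ("(global)",)  # options before the first Host line apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value"
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        if keyword == "host":
            patterns = tuple(value.split())
        elif keyword == "match":
            patterns = ("Match " + value,)
        elif keyword == "stricthostkeychecking" and value.lower() in DISABLED_VALUES:
            # Match criteria are not evaluated here, so treat them as broad.
            broad = patterns[0].startswith(("(global)", "Match ")) or any(
                ch in p for p in patterns for ch in "*?")
            findings.append((patterns, value.lower(), broad))
    return findings


if __name__ == "__main__":
    for patterns, value, broad in find_disabled_host_checks(SAMPLE_CONFIG):
        scope = "broad scope" if broad else "single host"
        print(f"{' '.join(patterns)}: StrictHostKeyChecking {value} ({scope})")
```

Entries reported as broad scope accept unknown host keys for every matching connection, so they are the ones to narrow to the specific hosts a script actually needs.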
Limit Access with the Match option
And what if you want to allow a few IP address subnets?
Under /etc/ssh/sshd_config, add the following:
Match Address 192.168.11.0/24,172.27.13.0/24
PermitRootLogin yes
Match User root,gpfsadmin
We have successfully disabled the strict host key checking in SSH.