How to Disable SSH StrictHostKeyChecking

SSH enables strict host key checking by default. When key checking is enabled, the SSH client connects only to hosts whose keys are stored in the known hosts file at ~/.ssh/known_hosts; sessions to hosts whose keys are not in that list are rejected.

When running shell scripts, however, we do want to disable strict host key checking.

An ON flag rejects SSH host keys from remote servers that are not in the known hosts list, while an OFF flag accepts SSH host keys from remote servers, including those not in the known hosts list.

Define a Config File

To disable host key checking for all hosts, add an entry as shown.

Create an empty file at ~/.ssh/config:

vi ~/.ssh/config 

For all hosts

Host *
    StrictHostKeyChecking no

Allow root login from one IP address with SSH public keys on it.

Host 172.27.13.20
    StrictHostKeyChecking no

Change the config file to read-only by issuing the command

sudo chmod 400 ~/.ssh/config 

Verify sshd configuration

sudo sshd -T

Finally, restart the sshd service

systemctl restart sshd
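
The following added example, which is not from the original article, resolves which hosts end up with StrictHostKeyChecking disabled under the Host entries shown above, so the reach of Host * can be compared with the single-host entry. The sample config, the host names build01.example.internal and db.example.internal, and the function names are assumptions; Match blocks are skipped rather than evaluated.

```python
import fnmatch
import re
import shlex
# Constructed sample: the two entries from this page plus one pinned host.
SAMPLE_CONFIG = """\
Host 172.27.13.20
    StrictHostKeyChecking no
Host build01.example.internal
    StrictHostKeyChecking=yes
Host *
    StrictHostKeyChecking no
"""
WEAK_VALUES = {"no", "off"}  # ssh_config(5): both values disable the check

def parse_blocks(text):
    """Return [(patterns, {keyword: value})] per Host block, in file order."""
    blocks = [(["*"], {})]  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        # Accepts "Keyword value" and "Keyword=value"; blanks and comments do not match
        m = re.match(r"([A-Za-z]+)[ \t]*=?[ \t]*(.*)$", raw.strip())
        if not m:
            continue
        keyword, args = m.group(1).lower(), shlex.split(m.group(2))
        if keyword in ("host", "match"):
            # Match criteria are not evaluated here: such a block never matches
            blocks.append((args if keyword == "host" else [], {}))
        elif args:
            blocks[-1][1].setdefault(keyword, args[0])
    return blocks

def host_matches(patterns, host):
    """Host line semantics: a matching negated (!) pattern vetoes the block."""
    neg = [p[1:] for p in patterns if p.startswith("!")]
    pos = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(host, p) for p in neg):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in pos)

def effective(text, host, keyword="stricthostkeychecking"):
    """The first value obtained wins; None means the client default applies."""
    for patterns, opts in parse_blocks(text):
        if keyword in opts and host_matches(patterns, host):
            return opts[keyword].lower()
    return None

def weak_hosts(text, hosts):
    """Hosts from an inventory whose server key would be accepted unverified."""
    return [h for h in hosts if effective(text, h) in WEAK_VALUES]
```

Running weak_hosts over a host inventory shows that the Host * entry covers every host without an earlier, stricter block, while the 172.27.13.20 entry affects only that address.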

Limit Access with the Match option

And what if you want to allow a few IP address subnets?

In /etc/ssh/sshd_config, add the following:

Match Address 192.168.11.0/24,172.27.13.0/24
PermitRootLogin yes
Match User root,gpfsadmin

We have successfully disabled the strict host key checking in SSH.

By Ash Thomas

Ash Thomas is a seasoned IT professional with extensive experience as a technical expert, complemented by a keen interest in blockchain technology.