SSH has strict host key checking enabled by default. When the check is enabled, the SSH client connects only to hosts whose keys are stored in the known hosts file, ~/.ssh/known_hosts; sessions to hosts whose keys are not in that list are rejected.
But when using shell scripts, we want to disable the strict host check.
With the flag ON, the client rejects host keys from remote servers that are not in the known hosts list; with the flag OFF, it accepts host keys from remote servers, including those not in the known hosts list. The check is what lets the client notice a changed or impersonated host key, so turning it off removes that protection for the hosts it covers.
Define a Config File
To disable host checking for all hosts, add an entry as shown.
Create an empty file at ~/.ssh/config:
    vi ~/.ssh/config
For all hosts:
    Host *
        StrictHostKeyChecking no
For a single host only, for example a root login to 172.27.13.20 using SSH public keys:
    Host 172.27.13.20
        StrictHostKeyChecking no
Make the config file read-only by issuing the command:
    sudo chmod 400 ~/.ssh/config
Verify the sshd configuration (this prints the effective server settings):
    sudo sshd -T
Finally, restart the sshd service:
    systemctl restart sshd
Limit Access with the Match option
What if you want to allow only a few IP address subnets?
Under /etc/ssh/sshd_config, add the following:
    Match Address 192.168.11.0/24,172.27.13.0/24
        PermitRootLogin yes
    Match User root,gpfsadmin
We have successfully disabled the strict host key checking in SSH.