How to bypass the SSH host key check

If you’ve ever connected to a new server via SSH, you were probably greeted with
a message about how the authenticity of the host couldn’t be established. The
message and prompt looks something like this:

The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:nKYgfKJByTtMbnEAzAhuiQotMhL+t47Zm7bOwxN9j3g.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

More than likely you typed in yes, the host was added to your
~/.ssh/known_hosts file, and you were never bothered again.

That’s my usual work flow as well, but I also connect to a TON of brand new
servers to do my VPS showdown posts. Up until recently, I would have to type in
yes for every server I was connecting to, and it made it quite cumbersome to
fully automate some of the benchmarks so they could run 100% unattended.

Finally fed up, I set out to figure out how the heck I could get around the
prompt. My first attempt, I tried to pipe in the yes command to SSH thinking
that would just get around the prompt.

No dice.

Next up, I read up the man page for ssh and found that were is a
configuration option that I could include, called StrictHostKeyChecking.

The thing was, I didn’t necessarily want to make skipping that check my new
normal. I wanted to be able to pass in an argument to the command so that I
could skip the check in my other script, so setting things up in my
~/.ssh/config wasn’t a good option.

After rooting around a bit more, I wasn’t actually able to find an argument that
married up with that particular option.

A bit more research revealed that there’s actually a way to pass in any of the
configuration options you’d like to ssh by way of the -o argument. You can
pass it options in the same format that you’d use in your configuration file, so
the syntax is quite familiar.

Knowing the option I wanted to set, and the method in which to do so, I was able
to bypass the pesky host key check with ease:

ssh -o "StrictHostKeyChecking=no" user@

When bypassing the strict host key check, the host will still end up in your
~/.ssh/know_hosts file. A more ideal scenario for me would be to skip adding
a host to that file, since it’s throw away servers, but it’s not a big enough
concern to put any additional time into it.

The -o argument also works wonders on ssh-copy-id:

ssh-copy-id -o "StrictHostKeyChecking=no" -i ~/.ssh/id_rsa user@
Josh Sherman - The Man, The Myth, The Avatar

About Josh

Husband. Father. Pug dad. Musician. Founder of Holiday API, Head of Engineering and Emoji Specialist at Mailshake, and author of the best damn Lorem Ipsum Library for PHP.

If you found this article helpful, please consider buying me a coffee.