How to bypass the SSH host key check

Josh Sherman

If you’ve ever connected to a new server via SSH, you were probably greeted with a message about how the authenticity of the host couldn’t be established. The message and prompt look something like this:

The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:nKYgfKJByTtMbnEAzAhuiQotMhL+t47Zm7bOwxN9j3g.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

More than likely you typed in yes, the host was added to your ~/.ssh/known_hosts file, and you were never bothered again.

That’s my usual workflow as well, but I also connect to a TON of brand new servers to do my VPS showdown posts. Up until recently, I would have to type in yes for every server I was connecting to, and it made it quite cumbersome to fully automate some of the benchmarks so they could run 100% unattended.

Finally fed up, I set out to figure out how the heck I could get around the prompt. For my first attempt, I tried to pipe the yes command into SSH, thinking that would just get around the prompt.

No dice.

Next up, I read the man page for ssh and found that there is a configuration option that I could include, called StrictHostKeyChecking.

The thing was, I didn’t necessarily want to make skipping that check my new normal. I wanted to be able to pass in an argument to the command so that I could skip the check in my other script, so setting things up in my ~/.ssh/config wasn’t a good option.

After rooting around a bit more, I wasn’t actually able to find an argument that married up with that particular option.

A bit more research revealed that there’s actually a way to pass in any of the configuration options you’d like to ssh by way of the -o argument. You can pass it options in the same format that you’d use in your configuration file, so the syntax is quite familiar.

Knowing the option I wanted to set, and the method in which to do so, I was able to bypass the pesky host key check with ease:

ssh -o "StrictHostKeyChecking=no" [email protected]

When bypassing the strict host key check, the host will still end up in your ~/.ssh/known_hosts file. A more ideal scenario for me would be to skip adding a host to that file, since they’re throwaway servers, but it’s not a big enough concern to put any additional time into it.

The -o argument also works wonders on ssh-copy-id:

ssh-copy-id -o "StrictHostKeyChecking=no" -i ~/.ssh/id_rsa [email protected]
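
With StrictHostKeyChecking=no, ssh accepts any key a new host presents, so an unattended run cannot tell the intended server from an impostor. The following added example (not from the original post) keeps the run prompt-free while still verifying the key: it pins a fingerprint obtained out of band, assumed here to come from the VPS provider's console, and uses a per-run known_hosts file so ~/.ssh/known_hosts stays untouched. The function names and argument order are choices made for this example.

```shell
#!/bin/sh
# Added example, not the author's script. USER, HOST and the pinned
# fingerprint are supplied by the caller; the fingerprint is assumed to come
# from a trusted channel such as the provider's console.

# keep_pinned_key EXPECTED_FP
# stdin: ssh-keyscan output. stdout: only the key line(s) whose SHA256
# fingerprint equals EXPECTED_FP. Returns non-zero when nothing matches.
keep_pinned_key() {
    want=$1 matched=1
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        # ssh-keygen -lf - prints "<bits> SHA256:<fp> <host> (<type>)"
        fp=$(printf '%s\n' "$line" | ssh-keygen -lf - 2>/dev/null | awk '{print $2}')
        if [ "$fp" = "$want" ]; then
            printf '%s\n' "$line"
            matched=0
        fi
    done
    return "$matched"
}

# ssh_pinned USER HOST EXPECTED_FP [remote command...]
# Connects with strict checking enforced against a throwaway known_hosts file
# that holds only the verified key, so no prompt appears and nothing is
# written to ~/.ssh/known_hosts.
ssh_pinned() {
    user=$1 host=$2 want=$3
    shift 3
    kh=$(mktemp) || return 1
    if ! ssh-keyscan -T 5 "$host" 2>/dev/null | keep_pinned_key "$want" > "$kh"; then
        echo "ssh_pinned: no key from $host matches $want" >&2
        rm -f "$kh"
        return 1
    fi
    ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$kh" \
        -l "$user" "$host" "$@"
    rc=$?
    rm -f "$kh"
    return "$rc"
}
```

When no trusted fingerprint is available, passing -o StrictHostKeyChecking=accept-new together with a per-run UserKnownHostsFile also avoids the prompt, and ssh then refuses to connect if the host's key changes later in the same run.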