Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

ssh: The authenticity of host 'hostname' can't be established

Tags:

ssh

ssh-keys

rsa-key-fingerprint

People also ask

What does SSH Keyscan do?

ssh-keyscan is a command for gathering the public host keys for a number of hosts. It aids in building and verifying ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable for use by shell and Perl scripts.

How do I create an SSH key?

Open a terminal and use the ssh-keygen command with the -C flag to create a new SSH key pair. Replace the following: KEY_FILENAME : the name for your SSH key file. For example, a filename of my-ssh-key generates a private key file named my-ssh-key and a public key file named my-ssh-key.

Depending on your ssh client, you can set the StrictHostKeyChecking option to no on the command line, and/or send the key to a null known_hosts file. You can also set these options in your config file, either for all hosts or for a given set of IP addresses or host names.

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

EDIT

As @IanDunn notes, there are security risks to doing this. If the resource you're connecting to has been spoofed by an attacker, they could potentially replay the destination server's challenge back to you, fooling you into thinking that you're connecting to the remote resource while in fact they are connecting to that resource with your credentials. You should carefully consider whether that's an appropriate risk to take on before altering your connection mechanism to skip HostKeyChecking.

Reference.


Old question that deserves a better answer.

You can prevent interactive prompt without disabling StrictHostKeyChecking (which is insecure).

Incorporate the following logic into your script:

if [ -z "$(ssh-keygen -F $IP)" ]; then
  ssh-keyscan -H $IP >> ~/.ssh/known_hosts
fi

It checks if public key of the server is in known_hosts. If not, it requests public key from the server and adds it to known_hosts.

In this way you are exposed to Man-In-The-Middle attack only once, which may be mitigated by:

  • ensuring that the script connects first time over a secure channel
  • inspecting logs or known_hosts to check fingerprints manually (to be done only once)

To disable (or control disabling), add the following lines to the beginning of /etc/ssh/ssh_config...

Host 192.168.0.*
   StrictHostKeyChecking=no
   UserKnownHostsFile=/dev/null

Options:

  • The Host subnet can be * to allow unrestricted access to all IPs.
  • Edit /etc/ssh/ssh_config for global configuration or ~/.ssh/config for user-specific configuration.

See http://linuxcommando.blogspot.com/2008/10/how-to-disable-ssh-host-key-checking.html

Similar question on superuser.com - see https://superuser.com/a/628801/55163


Make sure ~/.ssh/known_hosts is writable. That fixed it for me.


The best way to go about this is to use 'BatchMode' in addition to 'StrictHostKeyChecking'. This way, your script will accept a new hostname and write it to the known_hosts file, but won't require yes/no intervention.

ssh -o BatchMode=yes -o StrictHostKeyChecking=no [email protected] "uptime"

Related questions

git pushes with wrong user from terminal
Bash script to set up a temporary SSH tunnel
Git's famous "ERROR: Permission to .git denied to user"
How do I mount a remote Linux folder in Windows through SSH? [closed]
How to execute a MySQL command from a shell script?
.ssh/config: "Bad configuration option: UseKeychain" on Mac OS Sierra 10.12.6
Use Expect in a Bash script to provide a password to an SSH command
Heroku 'Permission denied (publickey) fatal: Could not read from remote repository' woes
How to pass the password to su/sudo/ssh without overriding the TTY?
Convert PEM to PPK file format
Git SSH error: "Connect to host: Bad file number"
"User interaction is not allowed" trying to sign an OSX app using codesign
Disable password authentication for SSH [closed]
Vagrant ssh authentication failure
Error: Can't open display: (null) when using Xclip to copy ssh public key [closed]
Use PPK file in Mac Terminal to connect to remote connection over SSH [closed]
ssh: Could not resolve hostname [hostname]: nodename nor servname provided, or not known [closed]
How to ssh to vagrant without actually running "vagrant ssh"?
How do you install ssh-copy-id on a Mac?
SSH to Vagrant box in Windows?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!