VPS Hosting

VPS Hosting

Buy Now

How to disable strict host key checking

Disabling strict host key checking with SSH helps making connecting to multiple remote systems easier as you don’t have to verify host identities each time but it does come with security concerns as it bypasses SSH’s built in security mechanisms. This guide outlines how to disable strict host key checking using the command line both temporarily and permanently ensuring you’re equipped to streamline secure shell access where appropriate.

Use a one-time override

If you need to bypass host verification for a single session only, use this command:

ssh -o StrictHostKeyChecking=no user@remote-host

This tells SSH to skip the host authenticity prompt and proceed directly to the connection. It’s ideal for automation or quick, temporary access, especially when working with dynamic environments or scripting.

Permanently Disable Host Key Checking in the SSH Config File

For repeated access to the same systems without being prompted to verify host keys you can configure your local SSH client to suppress these checks.

Open or Create the SSH Config File

Use a text editor to open your configuration file:

vi ~/.ssh/config

If the file doesn’t exist, this command will create it.

Apply the Setting for All Hosts

To disable strict host key checking for every host, add:

Host * StrictHostKeyChecking no

This tells SSH to skip verification for all connections initiated from this machine.

Limit the Setting to Specific Hosts (Optional)

For more controlled behaviour, restrict the configuration to individual hosts:

Host 192.168.1.10 StrictHostKeyChecking no

This ensures that only the specified host bypasses verification, maintaining default security for other servers.

Secure Your SSH Configuration File

To prevent unauthorised modifications, set the config file to read-only:

chmod 400 ~/.ssh/config

This limits access to the file owner, adding a layer of protection to your SSH settings.

Important Security Considerations

Strict host key checking is designed to prevent man-in-the-middle attacks by verifying that the remote server is the one you expect. Disabling it skips this safeguard. Therefore, this method should only be used:

  • In trusted environments such as internal networks
  • During development or testing phases
  • Where automation requires non-interactive SSH sessions

Never disable host key checking on production systems connected to untrusted networks unless host identities are managed in another secure way.

Categories