How to Skip Are You Sure You Want to Continue Connecting Yes no Message

8 Answers 8

Use the -o option,

                ssh -o "StrictHostKeyChecking no" user@host                              

Oliver Salzburg's user avatar

answered Mar 29, 2010 at 10:53

thegeek's user avatar

4

  • You may want to use an alternate identity file with the flag '-i'

    Apr 22, 2013 at 10:08

  • What use would using an alternate identity file be? I mean, if you're connecting to a compromised host, what difference does it make how you authenticate - it's not like the compromised host can steal your key too.

    Jun 2, 2015 at 10:16

  • Perfectly valid answer. Just please note that this is insecure, and it opens you up to "man-in-the-middle" attacks.

    May 6, 2021 at 22:18

  • On my computer a related man page (man 5 ssh_config) says that there are more alternatives to no, including accept-new, where ssh "will automatically add new host keys to the user known hosts files, but will not permit connections to hosts with changed host keys." This seems like it would still solve this problem in many cases while being more secure. (There is also yes, which skips the prompt and rejects unknown and changed hosts. Also off is the same as no and ask is the default, which prompts.)

    Sep 29 at 17:11

answered Aug 6, 2013 at 21:56

JimFred's user avatar

4

  • Pity I can only upvote you once. Setting KnownHosts to /dev/null is genius.

    Aug 8, 2014 at 15:15

  • Your the smartest one.

    Sep 5, 2014 at 20:08

  • Ha! Tell my wife.

    Sep 6, 2014 at 21:16

  • This should be the answer

    Nov 18, 2020 at 12:21

You should only get this the first time you connect to a new host. After you respond yes the host gets stored in ~/.ssh/known_hosts and you won't get prompted the next time you connect.

Note that if ~/.ssh/known_hosts can not be written for any reason (e.g. permissions problem) then you will get prompted every time you connect.

answered Mar 29, 2010 at 9:47

Paul R's user avatar

5

  • The question is is there anyway to avoid the prompt?

    Mar 29, 2010 at 10:44

  • I tried adding "CheckHostIP no" to /etc/ssh/ssh_config file. But it does not seem to be working

    Mar 29, 2010 at 10:46

  • sudo chown -R user:user .ssh ; sudo chmod 700 .ssh; sudo chmod -R 600 .ssh/ ; ssh-keygen -R $hostname and reconnect that should take ALL problems out and ONLY ever re-prompt if a ssk_Hostkey is mucked with | changed or you are victim to a MITM.

    Dec 12, 2015 at 23:28

  • it says "everytime" so this answer is super appropriate

    Jan 23, 2018 at 14:27

  • No, it's a terrible answer, because obviously IT KEEPS HAPPENING to the guy, or he wouldn't have asked the question. And to me, too, because I have an IT department that decides they need to "clean out" the known_hosts files on a regular basis.

    Sep 3, 2020 at 0:56

The best way (because it does not sacrifice security) is to connect once to all computers from one client (you'll be prompted every time, always answer yes). As pointed out in the other answer, the keys will then be stored in ~/.ssh/known_hosts. Then copy this file to every client computer you might later want to connect from (possibly for each user account you use). Then all these accounts will "know" the computers, hence no prompt.

The advantage over just disabling the prompt is that SSH can actually check if there is a MITM attack.

answered Jun 8, 2010 at 22:29

sleske's user avatar

1

  • Although, if you often ssh via forward connections, you will want to add this to /etc/ssh/ssh_config: Host 127.0.0.1 NoHostAuthenticationForLocalhost yes

    Jun 2, 2015 at 10:14

If you want to disable the confirmation, rather than the authentication, you can use the option: "-o CheckHostIP=no"

                ssh -i sergeys_rsa_key.pem -o CheckHostIP=no brin@8.8.8.8                              

answered Jul 11, 2015 at 23:20

R J's user avatar

1

  • The OP has already got the same answer and accepted it.

    Jul 12, 2015 at 4:03

I had faced a similar issue where despite using the above mentioned verified solution, my ssh was not working and it was because the known_hosts file was missing from ~/.ssh/ directory and the File System was read only. SO during run time also I was unable to create the ~/.ssh/known_hosts file.

If you face the similar issue then see if you can write the known_hosts file in the /tmp location. This is mostly write enabled even in a read-only file system.

Later in the ssh command you can specify the ssh to read the known_hosts file from /tmp location.

              ssh -o UserKnownHostsFile=/tmp/known_hosts -o StrictHostKeyChecking=no user_name@destination_server_ip                          

answered Jan 27, 2020 at 7:10

Rohit Agrawal's user avatar

This is probably because your ssh key server changed, since server ip or domain is the same but ssh key mismatch.

You must remove the stored key in /home/$user/.ssh/known_hosts to avoid this message.

I fixed it removing all keys in that file, so new token is created for this domain name.

answered Dec 12, 2015 at 18:09

IvanReed's user avatar

1

  • Key changed produces a much uglier message with a box of atsigns and WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! and IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! in all-caps. The message in the question occurs only if there is not already an entry in known_hosts.

    Dec 15, 2015 at 6:15

Check the permissions on your ~/.ssh/known_hosts file. Mine were incorrect when I got this problem. I fixed it with:

              chmod 0600 ~/.ssh/known_hosts                          

answered Nov 9, 2018 at 12:14

Rebecca's user avatar

wilsonworning.blogspot.com

Source: https://superuser.com/questions/125324/how-can-i-avoid-sshs-host-verification-for-known-hosts

0 Response to "How to Skip Are You Sure You Want to Continue Connecting Yes no Message"

Postar um comentário

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel