No Hostkeys Directory Can't Verify Host Continue Anyway

Use the -o option,

    ssh -o "StrictHostKeyChecking no" user@host

answered Mar 29, 2010 at 10:53

thegeek

  • You may want to use an alternate identity file with the flag '-i'

    Apr 22, 2013 at 10:08

  • What use would using an alternate identity file be? I mean, if you're connecting to a compromised host, what difference does it make how you authenticate - it's not like the compromised host can steal your key too.

    Jun 2, 2015 at 10:16

  • Perfectly valid answer. Just please note that this is insecure, and it opens you up to "man-in-the-middle" attacks.

    May 6, 2021 at 22:18

  • On my computer a related man page (man 5 ssh_config) says that there are more alternatives to no, including accept-new, where ssh "will automatically add new host keys to the user known hosts files, but will not permit connections to hosts with changed host keys." This seems like it would still solve this problem in many cases while being more secure. (There is also yes, which skips the prompt and rejects unknown and changed hosts. Also off is the same as no and ask is the default, which prompts.)

    Sep 29 at 17:11

answered Aug 6, 2013 at 21:56

JimFred

  • Pity I can only upvote you once. Setting KnownHosts to /dev/null is genius.

    Aug 8, 2014 at 15:15

  • You're the smartest one.

    Sep 5, 2014 at 20:08

  • Ha! Tell my wife.

    Sep 6, 2014 at 21:16

  • This should be the answer

    Nov 18, 2020 at 12:21

You should only get this the first time you connect to a new host. After you respond yes the host gets stored in ~/.ssh/known_hosts and you won't get prompted the next time you connect.

Note that if ~/.ssh/known_hosts cannot be written for any reason (e.g. a permissions problem) then you will get prompted every time you connect.

answered Mar 29, 2010 at 9:47

Paul R

  • The question is: is there any way to avoid the prompt?

    Mar 29, 2010 at 10:44

  • I tried adding "CheckHostIP no" to the /etc/ssh/ssh_config file, but it does not seem to be working.

    Mar 29, 2010 at 10:46

  • sudo chown -R user:user .ssh ; sudo chmod 700 .ssh; sudo chmod -R 600 .ssh/ ; ssh-keygen -R $hostname and reconnect. That should take ALL problems out and ONLY ever re-prompt if an ssh_Hostkey is mucked with | changed or you are the victim of a MITM.

    Dec 12, 2015 at 23:28

  • it says "everytime" so this answer is super appropriate

    Jan 23, 2018 at 14:27

  • No, it's a terrible answer, because obviously IT KEEPS HAPPENING to the guy, or he wouldn't have asked the question. And to me, too, because I have an IT department that decides they need to "clean out" the known_hosts files on a regular basis.

    Sep 3, 2020 at 0:56

The best way (because it does not sacrifice security) is to connect once to all computers from one client (you'll be prompted every time, always answer yes). As pointed out in the other answer, the keys will then be stored in ~/.ssh/known_hosts. Then copy this file to every client computer you might later want to connect from (possibly for each user account you use). Then all these accounts will "know" the computers, hence no prompt.

The advantage over just disabling the prompt is that SSH can actually check if there is a MITM attack.

answered Jun 8, 2010 at 22:29

sleske

  • Although, if you often ssh via forward connections, you will want to add this to /etc/ssh/ssh_config: Host 127.0.0.1 NoHostAuthenticationForLocalhost yes

    Jun 2, 2015 at 10:14
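As an added example (not part of the original answers): a Python check of the known_hosts file that the answer above suggests copying to every client, listing inventory hosts that have no usable entry and would therefore still prompt. It handles exact names, [host]:port and hashed names only, not wildcard patterns; the host names, key blobs and inventory are constructed.

```python
import base64, hashlib, hmac

def host_token(host, port=22):  # bare name on port 22, "[host]:port" otherwise
    return host if port == 22 else f"[{host}]:{port}"

def hashed_name(token, salt):
    # HashKnownHosts format: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def name_matches(pattern, token):
    if not pattern.startswith("|1|"):
        return pattern == token            # plain name; wildcards not handled here
    try:
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt, want = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:                      # malformed hashed field
        return False
    got = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def lookup(text, host, port=22):
    """Return [(marker, keytype)] for lines naming host; [] means no entry at all."""
    token, hits = host_token(host, port), []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = ""
        if fields[0].startswith("@"):       # @revoked or @cert-authority
            marker, fields = fields[0], fields[1:]
        if len(fields) >= 3 and any(name_matches(n, token) for n in fields[0].split(",")):
            hits.append((marker, fields[1]))
    return hits

def uncovered(text, inventory):
    """Hosts in inventory with no plain (unmarked) host key line."""
    return [(h, p) for h, p in inventory
            if not any(m == "" for m, _ in lookup(text, h, p))]

# Constructed sample file; key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# copied from the admin client",
    "web1.example.com,192.0.2.10 ssh-ed25519 AAAA_CONSTRUCTED_1",
    "[git.example.com]:2222 ssh-rsa AAAA_CONSTRUCTED_2",
    hashed_name("db1.example.com", b"constructed-salt-20b") + " ecdsa-sha2-nistp256 AAAA_CONSTRUCTED_3",
    "@revoked old.example.com ssh-rsa AAAA_CONSTRUCTED_4",
])
INVENTORY = [(h, 22) for h in ("web1.example.com", "db1.example.com", "old.example.com", "new.example.com")] + [("git.example.com", 2222)]
print("no usable entry:", uncovered(SAMPLE, INVENTORY))
```

A host on a non-default port is looked up under its [host]:port name, so an entry for the bare name does not cover it.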

If you want to disable the confirmation, rather than the authentication, you can use the option: "-o CheckHostIP=no"

    ssh -i sergeys_rsa_key.pem -o CheckHostIP=no brin@8.8.8.8

answered Jul 11, 2015 at 23:20

R J

  • The OP has already got the same answer and accepted it.

    Jul 12, 2015 at 4:03

I faced a similar issue where, despite using the above-mentioned verified solution, my ssh was not working, and it was because the known_hosts file was missing from the ~/.ssh/ directory and the file system was read-only. So during run time I was also unable to create the ~/.ssh/known_hosts file.

If you face a similar issue then see if you can write the known_hosts file in the /tmp location. This is mostly write-enabled even in a read-only file system.

Later, in the ssh command, you can tell ssh to read the known_hosts file from the /tmp location.

    ssh -o UserKnownHostsFile=/tmp/known_hosts -o StrictHostKeyChecking=no user_name@destination_server_ip

answered Jan 27, 2020 at 7:10

Rohit Agrawal

This is probably because your server's ssh key changed, since the server IP or domain is the same but the ssh key does not match.

You must remove the stored key in /home/$user/.ssh/known_hosts to avoid this message.

I fixed it by removing all keys in that file, so a new token is created for this domain name.

answered Dec 12, 2015 at 18:09

IvanReed

  • Key changed produces a much uglier message with a box of atsigns and WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! and IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! in all-caps. The message in the question occurs only if there is not already an entry in known_hosts.

    Dec 15, 2015 at 6:15

Check the permissions on your ~/.ssh/known_hosts file. Mine were incorrect when I got this problem. I fixed it with:

    chmod 0600 ~/.ssh/known_hosts

answered Nov 9, 2018 at 12:14

Rebecca

Source: https://superuser.com/questions/125324/how-can-i-avoid-sshs-host-verification-for-known-hosts
