Home » Questions » Computers [ Ask a new question ]

How do I skip the "known_host" question the first time I connect to a machine via SSH with public/private keys? [duplicate]

How do I skip the "known_host" question the first time I connect to a machine via SSH with public/private keys? [duplicate]

How do I skip the "known_host" question the first time I connect to a machine via SSH with public/private keys?

Asked by: Guest | Views: 325
Total answers/comments: 4
bert [Entry]

"You can get the public key, add it to known_hosts file and then rehash it:

ssh-keyscan -t rsa hostname >> .ssh/known_hosts
ssh-keygen -H
rm .ssh/known_hosts.old"
bert [Entry]

"You can disable the checking, but of course that is less secure. In an ideal situation what you should do is get someone that already has access to the machine to grab it's public host key and tell ssh to use it. i.e.: take the output of:

cat /etc/ssh/ssh_host_rsa_key.pub

prepend the hostname of the machine, and add that line to the ~/.ssh/known_hosts file on your machine. You'll end up with something that looks like:

myhost.example.com ssh-rsa AAAAB3Netc...

Alternately, if you just want to grab the fingerprint of the key, which may be easier to transfer over a limited bandwidth channel (like a phone call), you can have your helper run:

ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub"
"You can disable the checking, but of course that is less secure. In an ideal situation what you should do is get someone that already has access to the machine to grab it's public host key and tell ssh to use it. i.e.: take the output of:

cat /etc/ssh/ssh_host_rsa_key.pub

prepend the hostname of the machine, and add that line to the ~/.ssh/known_hosts file on your machine. You'll end up with something that looks like:

myhost.example.com ssh-rsa AAAAB3Netc...

Alternately, if you just want to grab the fingerprint of the key, which may be easier to transfer over a limited bandwidth channel (like a phone call), you can have your helper run:

ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub"
bert [Entry]

If you just want to temporarily disable host checking, so you can log into a LiveCD system, for instance, rename ~/.ssh/known_hosts to something else, and then change it back when you're done.
bert [Entry]

"Add ""StrictHostKeyChecking no"" to /etc/ssh/ssh_config
cd ~/.ssh
rm known_hosts
ln -s /dev/null known_hosts

Bingo"