How to Disable Strict Host Key Checking on Local Network

If you do a lot of ssh-ing on a local network with constantly changing hardware, you’re going to run into problems where stored known RSA keys don’t match up if the next device to use an IP address has a different signature.

Something like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
e8:73:0c:61:f8:cc:4c:95:25:ed:76:bc:35:bc:5d:c4.
Please contact your system administrator.
Add correct host key in /home/heidi/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/heidi/.ssh/known_hosts:1
remove with: ssh-keygen -f "/home/sam/.ssh/known_hosts" -R 192.168.1.25
RSA host key for 192.168.1.25 has changed and you have requested strict checking.
Host key verification failed.

To fix this, just add the following lines above Host * in your ssh config file. This file can be found at /etc/ssh/ssh_config on Ubuntu systems, but might be somewhere else on your system. You’ll need to sudo edit it to make changes.

Host 192.168.1.*
StrictHostKeyChecking no
UserKnownHostsFile /dev/null

You can also specify other settings if you’d like, such as default user and port.

Leave a Reply