Ping a Specific Port

Question

alexus

Asked: 2013-12-08 12:06:05 +0800 CST2013-12-08 12:06:05 +0800 CST 2013-12-08 12:06:05 +0800 CST

Temporarily ignore my `~/.ssh/known_hosts` file?

772

Is there a way to temporarily ignore my ~/.ssh/known_hostsfile?

mbp:~ alexus$ ssh 10.52.11.171
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Please contact your system administrator.
Add correct host key in /Users/alexus/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/alexus/.ssh/known_hosts:155
RSA host key for 10.52.11.171 has changed and you have requested strict checking.
Host key verification failed.
mbp:~ alexus$

NOTE:

.. by a few answer(s)/comment(s) i realize that my question is a bit misleading, so short it is expected behavior), so it's normal (in my case) there is a valid reason behind it on why I want to see "ignore it")

7 Answers

Voted

user192911 · Answer 1 · 2013-12-08T12:08:48+08:00

Best Answer

user192911

2013-12-08T12:08:48+08:002013-12-08T12:08:48+08:00

You can use ssh -o StrictHostKeyChecking=no to turn off checking known_hosts momentarily. But I'd advise against this. You should really check why the host key has changed.

Another option is to add a specific entry to your ~/.ssh/config for the host in question. This might be valid approach if you have a certain host which generates new host keys every time it reboots and it gets rebooted for a valid reason several times a day.

Host <your problematic host>
  StrictHostKeyChecking no

100

MattB · Answer 2 · 2014-04-15T12:07:57+08:00

MattB

2014-04-15T12:07:57+08:002014-04-15T12:07:57+08:00

To completely ignore your known hosts file in a POSIX environment, set the GlobalKnownHostsFile and UserKnownHostsFile options to /dev/null:

ssh -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null user@host

Setting the StrictHostKeyChecking=no option will allow you to connect but SSH will still show a warning:

ssh -o StrictHostKeyChecking=no user@host

As others have noted, it's probably better to address the underlying issue. You could consider SSH certificate authentication to verify hosts, for example.

64

etagenklo · Answer 3 · 2013-12-08T14:33:36+08:00

etagenklo

2013-12-08T14:33:36+08:002013-12-08T14:33:36+08:00

If you have reinstalled the server and therefore the Identification has changed, you should just delete the specified line 155 from /Users/alexus/.ssh/known_hosts and go ahead.

If you switch between different private networks, you should use hostnames to connect instead, as the ssh client will also save keys depending on the hostname. Add something like this to your /etc/hosts:

10.52.11.171 server1
10.52.11.171 server2

and then use ssh server1 when connected to subnet 1 and ssh server2 when connected to subnet2. This way, both servers can have different hostkeys.

5

eddso · Answer 4 · 2018-06-28T23:27:43+08:00

eddso

2018-06-28T23:27:43+08:002018-06-28T23:27:43+08:00

Some people say its not right, you don't shold do this and so on, but i need this also to test couple of embedded devices over and over again. You need to disable StrictHostKeyChecking=no, this is right, but also reset known hosts file to /dev/null. Here an exemple with autologin and ps on remote device.

sshpass -p pass ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null user@host 'ps ax'

4

Jose Sa · Answer 5 · 2015-10-24T07:57:39+08:00

Jose Sa

2015-10-24T07:57:39+08:002015-10-24T07:57:39+08:00

-o StrictHostKeyChecking=no only works if host isn't already present in known_hosts file.

I think it is cleaner (no warnings), if you expect hosts key to change maybe due to vm cloning, to enforce ignoring of those kind of hosts like this:

# Handle possible SSH key changes
host_key=$(ssh-keyscan -t rsa ${host_ip})
grep "${host_key}" ~/.ssh/known_hosts >/dev/null || {
    ssh-keygen -R ${host_ip}
    echo ${host_key} >>  ~/.ssh/known_hosts
}

# connect as normal way
ssh root@${host_ip} "hostname"

3

user609483 · Answer 6 · 2020-12-31T13:03:26+08:00

user609483

2020-12-31T13:03:26+08:002020-12-31T13:03:26+08:00

My alias:

ssh='ssh -q -o StrictHostKeyChecking=no -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null'

-1

Niels · Answer 7 · 2014-04-15T13:15:38+08:00

Niels

2014-04-15T13:15:38+08:002014-04-15T13:15:38+08:00

Log in to all of your servers, (and if RedHat) rm -f /etc/ssh/ssh_host_* and then restart SSHD.

This will create new SSH host keys that do not need to be ignored.

I can think of only one instance where SSH keys cloned on multiple servers is not only desired but also does not throw any warnings. Multiples of one A record. All hosts with the A record have the same key.

-3

Temporarily ignore my `~/.ssh/known_hosts` file?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?