Linux Commands

How to Use SSH Stricthostkeychecking

The strict-host-key-checking command specifies how host keys are checked during the connection and authentication phases. Its syntax looks like this:

strict-host-key-checking { on | off }

Parameters

This command takes the following parameters.

ON

This parameter rejects incoming SSH host keys from remote servers that are not in the known hosts list.

OFF

Contrary to the previous parameter, this value overrides the default. It accepts SSH host keys from remote servers, including those not in the known hosts list.

What is StrictHostKeyChecking in SSH?

SSH automatically maintains and checks a database of identities for every host it has ever been used with. For machines whose host key is unknown or has changed, the ssh_config keyword StrictHostKeyChecking controls whether login proceeds.

How to Use SSH Stricthostkeychecking

Host-key checks are disabled by default.

When StrictHostKeyChecking is Disabled

  • If the remote server’s host key does not match its entry in the known hosts list, the connection is denied. SSH clients provide a method for comparing the incoming host key with the known hosts entries even when the known hosts list is disabled.
  • If the remote server’s host key is not in the known hosts list, SSH automatically adds it to the known hosts list.

When StrictHostKeyChecking is Enabled
As long as strict host key checking is enabled, the SSH client connects only to SSH hosts listed in the known hosts list and rejects all other SSH hosts. In strict host key checking mode, the SSH client connects using the SSH host keys stored in the known hosts list.

How to run SSH Stricthostkeychecking

Using Command-Line
We can pass the option on the command line and try it without any configuration.

sftp -o StrictHostKeyChecking=no hostname

But this option does not do everything we want: host keys are still appended to .ssh/known_hosts, we trust them, and we are given no indication of this. If the host key changes later, on the other hand, we will certainly get a big warning about it. We can solve this problem by adding another parameter: if we want to skip checking for all hosts, we set our known_hosts file to /dev/null so that nothing is ever stored.

If the host key is not already in the known_hosts file, it will be added automatically.

A host whose key does not match prevents known_hosts from being updated and produces an adequate warning. Password authentication is disabled to prevent MITM attacks.

UserKnownHostsFile /dev/null

This sends every newly discovered host key to the trash bin (/dev/null). The advantage is that if a host key changes, there is no problem.

If we want to set a complete command with a command line, it will be like this.

ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null user@host

Using config File
To disable strict host key checking, we need to create the config file and add the entries that suppress host key checking.

vi ~/.ssh/config

If ~/.ssh/config does not exist yet, we create it.

Host *
    StrictHostKeyChecking no
Host hostname
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

We can use ‘*’ for all hostnames or a hostname pattern for specific hosts. It is safer to specify a particular host than to apply the setting to all hosts with * in our ~/.ssh/config file.

This turns it off for all the hosts we connect to. If we want to apply it only to some hosts, we replace ‘*’ with a hostname pattern.

Furthermore, we need to ensure that the file’s permissions are restricted to the owner only.

sudo chmod 400 ~/.ssh/config
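Since a wildcard block or a /dev/null known_hosts file silently disables the check for every host, it helps to be able to find such entries in a config file. The following is an added example, not code from the article: a POSIX sh function that uses awk to walk a client config and report each Host block that sets StrictHostKeyChecking no, rating the wildcard (and settings outside any Host block) higher than a named host and noting when UserKnownHostsFile is /dev/null. The file name and sample config below are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): audit an OpenSSH client config for
# blocks that disable strict host key checking. Needs only sh and awk.

# audit_ssh_config FILE
# Prints one line per block that sets "StrictHostKeyChecking no".
# "Host *" (or settings before any Host line) are rated HIGH, a named host
# MEDIUM; "UserKnownHostsFile /dev/null" is noted because with it no host
# key is ever remembered, so a changed key never produces a warning.
audit_ssh_config() {
    awk '
    function report() {
        if (strict == "no") {
            risk = (host == "*" || host == "(global)") ? "HIGH" : "MEDIUM"
            note = (known == "/dev/null") ? " known_hosts=/dev/null" : ""
            printf "%s host=%s StrictHostKeyChecking=no%s\n", risk, host, note
        }
    }
    BEGIN { host = "(global)" }
    { sub(/^[ \t]+/, ""); sub(/=/, " ") }      # accept the "Key=value" spelling
    /^#/ || NF == 0 { next }                   # skip comments and blank lines
    tolower($1) == "host" {
        report(); strict = ""; known = ""
        host = $2; for (i = 3; i <= NF; i++) host = host "," $i
        next
    }
    tolower($1) == "stricthostkeychecking" { strict = tolower($2) }
    tolower($1) == "userknownhostsfile"    { known = $2 }
    END { report() }
    ' "$1"
}

# Constructed sample config mirroring the article: a wildcard block, a named
# host that also discards known_hosts, and a host that keeps the check on.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
Host *
  StrictHostKeyChecking no
Host build01
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
Host prod
    StrictHostKeyChecking yes
EOF

audit_ssh_config "$SAMPLE_CFG"
```

Run it against your own file with `audit_ssh_config ~/.ssh/config`; an empty result means no block turns the check off.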

Conclusion

In this article, we learned how to use ssh StrictHostKeyChecking. To make it work, we first need to enable strict-host-key-checking since it is disabled by default. We also showed how it is run. We hope you found the information in this article useful.

About the author

Prateek Jangid

A passionate Linux user for personal and professional reasons, always exploring what is new in the world of Linux and sharing with my readers.