How to disable SSH host key checking

SSH clients verify the identity of every server you connect to by checking host keys. This security feature can block automated scripts that cannot handle interactive prompts and creates friction in testing environments where host keys change frequently.

You will disable host key checking either for a single connection or permanently through SSH configuration. This allows connections to proceed without manual verification while understanding the security trade-offs involved.

Bypass host key checking for a single connection

You can disable host key verification for one connection without changing your SSH configuration. This works when you need to connect once without storing the host key.

Run this command, replacing user with your username and remote-host with the server address:

ssh -o StrictHostKeyChecking=no user@remote-host

SSH connects immediately without prompting for verification. The host key is not stored in your known hosts file.

Disable host key checking permanently

If you connect to the same systems repeatedly, configure your SSH client to skip verification automatically. This prevents you from adding command flags every time you connect.

1. Open your SSH configuration file.
   Run nano ~/.ssh/config in your terminal. The file may not exist yet and the command will create it.
2. Add configuration for all hosts.
   To disable checking for every connection, add these lines to the file:

Host *
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

The Host * wildcard applies this setting to all SSH connections from your machine. The UserKnownHostsFile /dev/null directive prevents SSH from storing any host keys.

3. Configure specific hosts only.
   To disable checking for particular servers while keeping verification for others, use this format instead:

Host 192.168.1.10
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Host dev-server.example.com
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Replace the host addresses with your actual server names or IP addresses. Only listed hosts bypass verification and all other connections maintain default security checks.

4. Save and secure the configuration file.
   Save your changes and exit the editor. Then set correct permissions by running chmod 600 ~/.ssh/config to restrict access to your user account only.

Accept new hosts automatically

You can configure SSH to accept new host keys automatically while still verifying servers you have connected to before. This provides a middle ground between full verification and no checking.

Add this configuration to your SSH config file:

Host *
    StrictHostKeyChecking accept-new

The first connection to any server proceeds without a prompt. Subsequent connections verify the stored host key and warn you if it changes. This works well when adding SSH keys to GitHub or mounting remote file systems via SSH where you trust the infrastructure but want to avoid initial prompts.

When to disable host key checking

Host key checking protects against man-in-the-middle attacks. Disabling it removes this security layer.

Use this configuration on internal networks where you control the infrastructure, testing systems where host keys change frequently or CI/CD pipelines that need unattended connections. Avoid disabling verification on production systems connected to untrusted networks. For production SSH access at scale, we recommend implementing SSH certificate authentication instead.

Wrapping up

You can now connect to SSH servers without host key verification prompts. You configured either temporary bypasses for single connections or permanent settings through your SSH config file.

Review your SSH configuration regularly to confirm you are only bypassing verification where necessary. Our VPS hosting includes full SSH access with root privileges for complete server control.