HowTo Avoid Host Key Verification When Using SSH

Version 4

    When installing a new OS on a server or burning a new image on a switch, the SSH host key changes. Because your client still has the old host key stored in its known_hosts file, it will refuse to reconnect to the server/switch.

    The excerpt below shows an example of a reconnection failure.

    $ ssh root@mti-mar-s3
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    3f:de:fa:d7:98:ab:7e:fb:94:c4:29:c7:97:85:bd:33.
    Please contact your system administrator.
    Add correct host key in /home/ophirm/.ssh/known_hosts to get rid of this message.
    Offending key in /home/ophirm/.ssh/known_hosts:9
    RSA host key for mti-mar-s3 has changed and you have requested strict checking.
    Host key verification failed.

    In most cases, the solution is simply to remove the offending entry from the known_hosts file (~/.ssh/known_hosts) on the machine you are connecting from. In some cases, however, the known_hosts file cannot be edited or removed, as in the following example:

    $ pwd
    /home/ophirm/.ssh
    $ rm known_hosts
    rm: remove write-protected regular file `known_hosts'? y
    rm: cannot remove `known_hosts': Read-only file system

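    To work around this problem, run SSH without host key verification as shown below. UserKnownHostsFile=/dev/null makes ssh ignore the existing known_hosts file and discard any key it would save, and StrictHostKeyChecking=no accepts the host's new key without prompting, so the host's identity is not verified for this connection.

    $ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@mti-mar-s3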
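
When known_hosts is read-only, a writable copy with only the stale entry removed lets ssh keep verifying every other host. The following is an added example, not part of the original page. The helper name strip_offending_key, the temporary paths, and the known_hosts entries are constructed for illustration.

```shell
#!/bin/sh
# Added example; strip_offending_key is a hypothetical helper, not an OpenSSH tool.
# It copies a read-only known_hosts file to a writable path, dropping only the
# stale entry that ssh reported, so every other pinned host key stays in force.

# usage: strip_offending_key "<ssh error text>" <output file>
strip_offending_key() {
    err_text=$1
    out_file=$2
    # Pull "<path>:<line>" out of the "Offending key in <path>:<line>" message
    # (some OpenSSH versions name the key type: "Offending RSA key in ...").
    ref=$(printf '%s\n' "$err_text" |
        sed -n 's/^ *Offending .*key in \(.*:[0-9][0-9]*\) *$/\1/p' | head -n 1)
    [ -n "$ref" ] || { echo "no offending-key line in input" >&2; return 1; }
    src=${ref%:*}     # known_hosts path
    line=${ref##*:}   # 1-based line number of the stale entry
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    total=$(awk 'END { print NR }' "$src")
    if [ "$line" -lt 1 ] || [ "$line" -gt "$total" ]; then
        echo "line $line is outside $src ($total lines)" >&2
        return 1
    fi
    # Create the copy private to this user, then delete just that line.
    (umask 077 && sed "${line}d" "$src" > "$out_file")
}

# --- Demo on constructed data (keys below are placeholders, not real keys) ---
demo_dir=$(mktemp -d)
printf '%s\n' \
    'build-01 ssh-ed25519 AAAA_CONSTRUCTED_KEY_1' \
    'mti-mar-s3 ssh-rsa AAAA_CONSTRUCTED_STALE_KEY' \
    'lab-sw-02 ssh-ed25519 AAAA_CONSTRUCTED_KEY_3' > "$demo_dir/known_hosts"
chmod 444 "$demo_dir/known_hosts"   # stands in for the read-only file system

demo_err="Offending key in $demo_dir/known_hosts:2"
demo_out="$demo_dir/known_hosts.writable"
strip_offending_key "$demo_err" "$demo_out" && cat "$demo_out"

# The copy can then replace /dev/null, with checking left on so ssh shows the
# new fingerprint for comparison before the key is stored:
echo "ssh -o UserKnownHostsFile=$demo_out -o StrictHostKeyChecking=ask root@mti-mar-s3"
```

Because the entry is selected by line number, this also works when host names in known_hosts are hashed.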

     

    To add your SSH public key to the remote host so that you can log in without a password, follow this procedure:

    3 Steps to Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id