ssh The authenticity of host hostname can t be established

Question

When i ssh to a machine  sometime i get this error warning and it prompts to say  yes  or  no   This cause some trouble when running from scripts that automatically ssh to other machines   Warning Message    The authenticity of host   lt host gt   can t be established  ECDSA key fingerprint is    SHA256 TER0dEslggzS BROmiE s70WqcYy6bk52fs MLTIptM  Are you sure you want to continue connecting  yes no   yes Warning  Permanently added  pc   ECDSA  to the list of known hosts    Is there a way to automatically say  yes  or ignore this

User · Answer

This warning is issued due the security features  do not disable this feature   It s just displayed once    If it still appears after second connection  the problem is probably in writing to the known hosts file  In this case you ll also get the following message   Failed to add the host to the list of known hosts    You may fix it by changing owner of changing the permissions of the file to be writable by your user   sudo chown -v  USER    ssh known hosts

User · Answer

Old question that deserves a better answer   You can prevent interactive prompt without disabling StrictHostKeyChecking  which is insecure    Incorporate the following logic into your script   if   -z    ssh-keygen -F  IP      then   ssh-keyscan -H  IP  gt  gt     ssh known hosts fi   It checks if public key of the server is in known hosts  If not  it requests public key from the server and adds it to known hosts    In this way you are exposed to Man-In-The-Middle attack only once  which may be mitigated by    ensuring that the script connects first time over a secure channel inspecting logs or known hosts to check fingerprints manually  to be done only once

User · Answer

Make sure    ssh known hosts is writable   That fixed it for me

User · Answer

Add these to your  etc ssh ssh config  Host   UserKnownHostsFile  dev null StrictHostKeyChecking no

User · Answer

Do this -  chmod  w     ssh known hosts  This adds write permission to the file at    ssh known hosts  After that the remote host will be added to the known hosts file when you connect to it the next time

User · Answer

I solve the issue which gives below written error  Error  The authenticity of host  XXX XXX XXX  can t be established  RSA key fingerprint is 09 6c ef cd 55 c4 4f ss 5a 88 46 0a a9 27 83 89   Solution   1  install any openSSH tool  2  run command ssh   3  it will ask for do u add this host like     accept YES  4  This host will add in the known host list  5  Now you are able to connect with this host   This solution is working now

User · Answer

Depending on your ssh client  you can set the StrictHostKeyChecking option to no on the command line  and or send the key to a null known hosts file  You can also set these options in your config file  either for all hosts or for a given set of IP addresses or host names   ssh -o UserKnownHostsFile  dev null -o StrictHostKeyChecking no   EDIT  As  IanDunn notes  there are security risks to doing this  If the resource you re connecting to has been spoofed by an attacker  they could potentially replay the destination server s challenge back to you  fooling you into thinking that you re connecting to the remote resource while in fact they are connecting to that resource with your credentials   You should carefully consider whether that s an appropriate risk to take on before altering your connection mechanism to skip HostKeyChecking   Reference

User · Answer

With reference to Cori s answer  I modified it and used below command  which is working  Without exit  remaining command was actually logging to remote machine  which I didn t want in script  ssh -o StrictHostKeyChecking no user ip of remote machine  exit

User · Answer

I had the same error and wanted to draw attention to the fact that - as it just happened to me - you might just have wrong privileges You ve set up your  ssh directory as either regular or root user and thus you need to be the correct user  When this error appeared  I was root but I configured  ssh as regular user  Exiting root fixed it

User · Answer

Generally this problem occurs when you are modifying the keys very oftenly  Based on the server it might take some time to update the new key that you have generated and pasted in the server  So after generating the key and pasting in the server  wait for 3 to 4 hours and then try  The problem should be solved  It happened with me

User · Answer

To disable  or control disabling   add the following lines to the beginning of  etc ssh ssh config     Host 192 168 0      StrictHostKeyChecking no    UserKnownHostsFile  dev null   Options    The Host subnet can be   to allow unrestricted access to all IPs  Edit  etc ssh ssh config for global configuration or    ssh config for user-specific configuration     See http   linuxcommando blogspot com 2008 10 how-to-disable-ssh-host-key-checking html  Similar question on superuser com - see https   superuser com a 628801 55163

User · Answer

The following steps are used to authenticate yourself to the host  Generate a ssh key  You will be asked to create a password for the key  ssh-keygen -f    ssh id ecdsa -t ecdsa -b 521   above uses the recommended encryption technique   Copy the key over to the remote host  ssh-copy-id -i    ssh id ecdsa user host  N B the user   host will be different to you  You will need to type in the password for this server  not the keys password   You can now login to the server securely and not get an error message   ssh user host  All source information is located here  ssh-keygen

User · Answer

Edit your config file normally located at     ssh config   and at the beggining of the file  add the below lines    Host       User                   your login user     StrictHostKeyChecking  no     IdentityFile            my path id rsa pub   User set to your login user says that this settings belongs to your login user StrictHostKeyChecking set to no will avoid the prompt IdentityFile is path to RSA key    This works for me and my scripts  good luck to you

User · Answer

The best way to go about this is to use  BatchMode  in addition to  StrictHostKeyChecking   This way  your script will accept a new hostname and write it to the known hosts file  but won t require yes no intervention   ssh -o BatchMode yes -o StrictHostKeyChecking no user server example com  uptime

User · Answer

Run this in host server it s premonition issue   chmod -R 700    ssh

User · Answer

Ideally  you should create a self-managed certificate authority  Start with generating a key pair   ssh-keygen -f cert signer    Then sign each server s public host key   ssh-keygen -s cert signer -I cert signer -h -n www example com -V  52w  etc ssh ssh host rsa key pub   This generates a signed public host key    etc ssh ssh host rsa key-cert pub   In  etc ssh sshd config  point the HostCertificate to this file   HostCertificate  etc ssh ssh host rsa key-cert pub   Restart the sshd service   service sshd restart   Then on the SSH client  add the following to    ssh known hosts    cert-authority   example com ssh-rsa AAAAB3Nz   cYwy 1Y2u    The above contains     cert-authority The domain   example com The full contents of the public key cert signer pub    The cert signer public key will trust any server whose public host key is signed by the cert signer private key    Although this requires a one-time configuration on the client side  you can trust multiple servers  including those that haven t been provisioned yet  as long as you sign each server  that is    For more details  see this wiki page

User · Answer

In my case  the host was unkown and instead of typing yes to the question are you sure you want to continue connecting yes no  fingerprint    I was just hitting enter

[ssh] ssh: The authenticity of host 'hostname' can't be established

Examples related to ssh

Examples related to ssh-keys

Examples related to rsa-key-fingerprint