Sometimes you have to SSH into different devices with the same IP address, for example when you flash routers with OpenWrt and want to do initial configuration. One annoyance with that is fingerprint checking, as the fingerprint will be different for every new device but the IP will stay the same.
We can easily disable this fingerprint checking for specific IP addresses or entire subnets. I’ll show you how!
/etc/ssh/ssh_config with your favorite editor, like for example
sudo nano /etc/ssh/ssh_config
And add your hosts, either specific IP addresses or networks using the asterisk for wildcard to the end of the file:
Host 192.168.* StrictHostKeyChecking no UserKnownHostsFile /dev/null Host 172.18.* StrictHostKeyChecking no UserKnownHostsFile /dev/null Host 172.17.* StrictHostKeyChecking no UserKnownHostsFile /dev/null Host 172.16.* StrictHostKeyChecking no UserKnownHostsFile /dev/null
This is an example configuration that will set
no for each host that matches the
Host entry, which means it won’t ask you to confirm the fingerprint. The
UserKnownHostsFile is set to
/dev/null which means the host you’re connecting to will be remembered nowhere, or simply put, forgotten.
Note that if you’re on a newer version of SSH you might have the directory
/etc/ssh/ssh_config.d where you can simply put config files that end in .conf which will automatically be included. In that case, instead of writing to
/etc/ssh/ssh_config you should create a new file like
/etc/ssh/ssh_config.d/trusted_hosts.conf and insert your config there.
That’s all there is to it!
Leave A Comment