How to Avoid SSH's "Are you sure you want to continue connecting?" Prompt
If you're tired of seeing the "Are you sure you want to continue connecting (yes/no/[fingerprint])?" prompt every time you SSH into a new server, you're not alone. This security feature, while important, can be a bit of a nuisance for system administrators and developers who frequently connect to new machines. This is especially true when they wish to run a remote command on a newly trusted machine. Let's explore how to streamline this process without completely compromising security.
Understanding the Prompt
First, it's important to understand why this prompt appears. It's a security measure designed to protect you from man-in-the-middle attacks by verifying the authenticity of the server you're connecting to. However, in controlled environments or for non-critical systems, you might want to bypass this prompt.
The Quick Fix: StrictHostKeyChecking
One simple way to avoid this prompt is by using the StrictHostKeyChecking
option. You can add this to your SSH command like this:
ssh -o StrictHostKeyChecking=accept-new user@hostname
But what if you want to make this change permanent? You can add it to your SSH config file:
-
Open or create your SSH config file:
vim ~/.ssh/config
-
Add the following line:
StrictHostKeyChecking accept-new
This setting will automatically accept and save new host keys without prompting, while still warning you if a known host's key has changed.
Security Considerations
While this method is convenient, it's important to understand the security implications:
- It automatically accepts keys from new, unknown hosts.
- It still protects you from potential man-in-the-middle attacks on known hosts.
- It assumes you trust your network and the new hosts you're connecting to.
When to Use This Method
This approach is best suited for:
-
Environments where you frequently connect to new, trusted hosts.
-
Controlled, secure networks.
-
Scenarios where the convenience outweighs the risk of not manually verifying each new host.