How to Avoid SSH's "Are you sure you want to continue connecting?" Prompt

If you're tired of seeing the "Are you sure you want to continue connecting (yes/no/[fingerprint])?" prompt every time you SSH into a new server, you're not alone. This security feature, while important, can be a bit of a nuisance for system administrators and developers who frequently connect to new machines. This is especially true when they wish to run a remote command on a newly trusted machine. Let's explore how to streamline this process without completely compromising security.

Understanding the Prompt

First, it's important to understand why this prompt appears. It's a security measure designed to protect you from man-in-the-middle attacks: SSH has no stored host key for the server yet, so it asks you to confirm the key's fingerprint before trusting it. However, in controlled environments or for non-critical systems, you might want to bypass this prompt.

The Quick Fix: StrictHostKeyChecking

One simple way to avoid this prompt is by using the StrictHostKeyChecking option. You can add this to your SSH command like this:

    ssh -o StrictHostKeyChecking=accept-new user@hostname

But what if you want to make this change permanent? You can add it to your SSH config file:

  1. Open or create your SSH config file:

    vim ~/.ssh/config
    
  2. Add the following line:

    StrictHostKeyChecking accept-new
    

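This setting will automatically accept and save new host keys without prompting, while still warning you and refusing to connect if a known host's key has changed. Placed before any Host block in the config file, it applies to every host you connect to.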

Security Considerations

While this method is convenient, it's important to understand the security implications:

  • It automatically accepts keys from new, unknown hosts.
  • It still protects you from potential man-in-the-middle attacks on known hosts.
  • It assumes you trust your network and the new hosts you're connecting to.
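
The prompt's `[fingerprint]` answer exists for hosts whose key you can check out of band. The added example below (not from the original article) automates that check so a new host is recorded only when its key matches a fingerprint you already trust. It assumes GNU coreutils; the function names, hostname and sample key are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. Assumes GNU coreutils
# (base64, sha256sum, od). Function names are hypothetical.

# fp_hex "SHA256:<unpadded base64>" -> 64 hex chars of the digest.
fp_hex() {
    printf '%s=' "${1#SHA256:}" | base64 -d 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n'
}

# blob_hex "<base64 key blob>" -> hex SHA-256 of the decoded blob, which is
# what an OpenSSH SHA256 fingerprint is computed over.
blob_hex() {
    printf '%s' "$1" | base64 -d 2>/dev/null | sha256sum | cut -d' ' -f1
}

# pin_host_key EXPECTED_FP KNOWN_HOSTS_FILE
# Reads "host keytype blob" lines (ssh-keyscan format) on stdin and appends
# the first one whose fingerprint equals EXPECTED_FP. Writes nothing and
# returns 1 when no offered key matches.
pin_host_key() {
    want=$(fp_hex "$1")
    [ "${#want}" -eq 64 ] || { echo "malformed fingerprint" >&2; return 2; }
    while read -r host type blob rest; do
        case $host in ''|'#'*) continue ;; esac
        if [ "$(blob_hex "$blob")" = "$want" ]; then
            printf '%s %s %s\n' "$host" "$type" "$blob" >> "$2"
            return 0
        fi
    done
    echo "no offered key matches the expected fingerprint" >&2
    return 1
}

# Real use (hostname and $FP are placeholders; $FP comes from a trusted
# channel such as the provisioning console, never from the scan itself):
#   ssh-keyscan -t ed25519 db1.example.internal 2>/dev/null |
#       pin_host_key "$FP" ~/.ssh/known_hosts

# Demo on constructed data: "YWJj" is a placeholder blob (base64 of "abc"),
# not a real key; its SHA-256 is a published test vector.
kh=$(mktemp)
printf 'db1.example.internal ssh-ed25519 YWJj\n' |
    pin_host_key 'SHA256:ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0' "$kh" &&
    echo "pinned: $(cat "$kh")"
rm -f "$kh"
```

Once a host is pinned this way, ssh finds it in known_hosts and connects without asking, even with StrictHostKeyChecking left at its default.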

When to Use This Method

This approach is best suited for:

  • Environments where you frequently connect to new, trusted hosts.
  • Controlled, secure networks.
  • Scenarios where the convenience outweighs the risk of not manually verifying each new host.
