Methods to Skip SSH Initial Host Key Confirmation and Automate Password Input
When establishing an SSH connection to a remote server with the ssh <remote_user>@<host_ip> command, two interactive prompts typically appear for first-time access: a host key verification prompt requiring manual entry of "yes", followed by a password input prompt for the remote account. Below is a sample full first-time connection flow:
devops@workstation-ubuntu:~$ ssh appadmin@10.0.2.17
The authenticity of host '10.0.2.17 (10.0.2.17)' can't be established.
ED25519 key fingerprint is SHA256:7aG9kF2xPzR4sT6vB8nM0dQ1wE3rT5yU7iO9pS0dF2g.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.0.2.17' (ED25519) to the list of known hosts.
appadmin@10.0.2.17's password:
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-78-generic x86_64)
Subsequent connections to the same host will omit the host key confirmation prompt, only asking for the account password:
devops@workstation-ubuntu:~$ ssh appadmin@10.0.2.17
appadmin@10.0.2.17's password:
Last login: Fri Sep 15 14:22:07 2023 from 10.0.2.45
This behavior occurs because the first "yes" input writes the remote host's public key fingerprint to the local ~/.ssh/known_hosts file. Every subsequent connection compares the received host key against the stored entry to prevent man-in-the-middle attacks, skipping the prompt if the values match. If you delete the corresponding IP entry from ~/.ssh/known_hosts, the cnofirmation prompt will reappear on the next connection.
For automated O&M workflows that run SSH connections via unattended scripts, these interactive prompts block execution. Below are three validated methods to disable the host key verification prompt, paired with sshpass utility integration to enable fully non-interactive SSH access.
Disable Strict Host Key Check via Command Line Parameters
Append two configuration flags directly to your SSH command to override default verification behavior: the first routes known host storage to /dev/null to avoid persisting host keys, and the second disables strict key checking entirely.
# Non-interactive first-time SSH connection command
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no appadmin@10.0.2.17
To automate password input with this command, combine it with the sshpass utility (install via apt install sshpass for Debian/Ubuntu systems):
# Fully non-interactive connection with auto password input
SSHPASS='your_secure_account_password' sshpass -e ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no appadmin@10.0.2.17
Configure Host-Specific Bypass Rules in Global SSH Config
For fixed IP ranges you access regularly, add rule blocks to the global SSH client config /etc/ssh/ssh_config to apply verification bypass settings automatically for matching hosts. Add the following lines to the top of the file:
Host 10.0.2.* 192.168.12.*
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
Save the file and restart the SSH service with sudo systemctl restart sshd for changes to take effect.
Enable Global Bypass in Local User SSH Config
If you do not have root permissions to modify the global SSH config, add the same setting to your per-user SSH config file at ~/.ssh/config (create the file if it does not exist):
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
Restart the SSH service after saving to apply the configuration for all SSH connections initiated by your user account.
