Community Forum

Suppressing security warnings when using SSH on the command line

When you connect to an SSH Service using the proxy address from the web portal or the /device/connect API endpoint, you will get a new URL periodically which triggers this warning to be shown:

The authenticity of host '[]:35136 ([]:35136)' can't be established.

ECDSA key fingerprint is SHA256:Gg2MC6laKkCs5PbY4Y1IVVlrZA7eJbSHI4kOz7T0kp4. Are you sure you want to continue connecting (yes/no)?

Type “yes” to accept the new SSH key into your key cache.

It may not make sense to either check the host authenticity or to save the host details in the known hosts list.

Some people prefer to see all security warnings. If you’d rather see all security warnings, then don’t use these options.

In order to suppress the authenticity warning and prevent saving of the URL in the known hosts file, add the following flags to your SSH command line:

-o "StrictHostKeyChecking=no" 
-o "UserKnownHostsFile /dev/null"

The sample SSH command line becomes:

ssh -l root -p 35136 -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile /dev/null"

You will still see a message that the hosts file got updated. However we told the command to send that information to /dev/null rather than the actual known hosts file.

Warning: Permanently added '[]:32076,[]:32076' (ECDSA) to the list of known hosts.

If you run the ssh command again, you will see the same warning, indicating that in fact the host info was not written to the actual known hosts file.