Shulou(Shulou.com)05/31 Report--

This article is about how to automatically accept SSH key fingerprints. Xiaobian thinks it is quite practical, so share it with everyone for reference. Let's follow Xiaobian and have a look.

When connecting to a Linux system for the first time, SSH prompts you to accept the computer's fingerprint to successfully establish the connection, because there are no fingerprints in the " known_hosts" file.

Fingerprint is an abbreviated version of the system public key, and to protect itself from man-in-the-middle attacks (MITM), the ssh program verifies the fingerprint of the remote system ssh using the fingerprint stored since the last connection. If your fingerprint has changed, the system will alert you and ask if you want to continue.

Sometimes you may need to automatically accept SSH fingerprints. For example, if you create a shell script to remotely manage multiple linux servers.

There are two ways to do this.

Automatically accept ssh fingerprints using the strictHostKeyChecking=no option.

Use the ssk-keyscan command to accept ssh fingerprints.

The first time you connect to a remote computer, it warns you that you cannot establish the authenticity of the host and provides a key fingerprint for verification.

Once the fingerprint is accepted, it is saved in the "known_hosts" file, and when reconnecting to the same remote host, SSH checks the fingerprint against the known_hosts file to verify its identity.

How do I automatically accept SSH key fingerprints using SSH option?

This method is straightforward and can be done simply by adding options using SSH commands. When this option is used, ssh automatically adds the new host key to the user known_hosts file.

[root@localhost ~]# ssh -o "StrictHostKeyChecking no" localhost Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. root@localhost's password: Last login: Mon Jan 25 20:01:53 2021 from 192.168.43.1

The above warning indicates that it has added a key to the known_host file.

How to use ssk-keyscan command to automatically accept SSH key fingerprint?

This is another way, ssh-keycan allows you to append ssh fingerprints to the known_hosts file. This tool is useful when you want to add in bulk. Use the following command:

[root@localhost ~]# ssh-keyscan -H 192.168.43.138 >> ~/.ssh/known_hosts # 192.168.43.138:22 SSH-2.0-OpenSSH_7.4 # 192.168.43.138:22 SSH-2.0-OpenSSH_7.4 # 192.168.43.138:22 SSH-2.0-OpenSSH_7.4

Add the ssh fingerprints of multiple remote hosts to known_hosts using the following command. You must add the IP address of the remote host to a file and invoke it with the ssh-keyscan command, saving the IP address of each remote server in a text file as follows:

[root@localhost ~]# cat remote-hosts.txt 192.168.43.137 192.168.43.138 192.168.43.166

Then use the ssh-keyscan tool to add their ssh fingerprints to known_hosts:

[root@localhost ~]# ssh-keyscan -f ./ remote-hosts.txt >> ~/.ssh/known_hosts # 192.168.43.138:22 SSH-2.0-OpenSSH_7.4 # 192.168.43.137:22 SSH-2.0-OpenSSH_7.8 # 192.168.43.137:22 SSH-2.0-OpenSSH_7.8 # 192.168.43.137:22 SSH-2.0-OpenSSH_7.8 # 192.168.43.138:22 SSH-2.0-OpenSSH_7.4 # 192.168.43.138:22 SSH-2.0-OpenSSH_7.4 # 192.168.43.166:22 SSH-2.0-OpenSSH_7.4 # 192.168.43.166:22 SSH-2.0-OpenSSH_7.4 # 192.168.43.166:22 SSH-2.0-OpenSSH_7.4

Thank you for reading! About "how to automatically accept SSH key fingerprint" this article is shared here, I hope the above content can be of some help to everyone, so that everyone can learn more knowledge, if you think the article is good, you can share it to let more people see it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.