SSH: Self-signed- The authenticity if host cant be established

0
votes

I get the next message from SSH client every time I try to connect to my server:

The authenticity of host "XXX" can't be established. ECDSA key fingerprint is SHA256:... Are you sure you want to continue connecting(yes/no/[fingerprint])?

I Understand that this message should only apear my first time connecting, not each and every time. Why does it happen?

Does it mean that it is a self signed ceetificate?

Have a good day!

1
securitysshself-signedman-in-the-middle

1 Answers

1
votes

There are few things you can try:

  1. Make sure ~/.ssh/known_hosts is writable. Because system will try and add the host key into this file.

  2. Depending on your ssh client, you can set the StrictHostKeyChecking option to no on the command line, and/or send the key to a null known_hosts file. You can also set these options in your config file, either for all hosts or for a given set of IP addresses or host names.

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

This option is not very secure as it may open up Man in the middle attacks. Please carefully consider before doing this.

https://linuxcommando.blogspot.com/2008/10/how-to-disable-ssh-host-key-checking.html

  1. [NOT SECURE] Another way is to use 'BatchMode' in addition to 'StrictHostKeyChecking'. This way, your script will accept a new hostname and write it to the known_hosts file, but won't require yes/no intervention.

ssh -o BatchMode=yes -o StrictHostKeyChecking=no [email protected] "uptime"