ssh: The authenticity of host 'hostname' can't be established

时光取名叫无心 2020-12-04 05:04

When I ssh to a machine, sometimes I get this error warning and it prompts to say "yes" or "no". This causes some trouble when running from scripts that automatically ssh

16 answers
  •  醉酒成梦
    2020-12-04 05:56

    Old question that deserves a better answer.

    You can prevent the interactive prompt without disabling StrictHostKeyChecking (which is insecure).

    Incorporate the following logic into your script:

    # Add the host key only if the host is not already in known_hosts
    if [ -z "$(ssh-keygen -F "$IP")" ]; then
      ssh-keyscan -H "$IP" >> ~/.ssh/known_hosts
    fi


    It checks if the public key of the server is in known_hosts. If not, it requests the public key from the server and adds it to known_hosts.

    In this way you are exposed to a Man-In-The-Middle attack only once, which may be mitigated by:

    • ensuring that the script connects the first time over a secure channel
    • inspecting logs or known_hosts to check fingerprints manually (to be done only once)
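
The one-time check mentioned in the answer above can be automated. This is an added example, not part of the original answer: it appends `ssh-keyscan` output to known_hosts only when the scanned key equals a key obtained out of band. The function names, the sample key strings and the out-of-band source of the pinned key (for example a provisioning console) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer): pin the host key before
# trusting ssh-keyscan output. All key strings below are constructed.

# Constructed sample values; a real pinned key comes from a trusted channel.
SAMPLE_PIN='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPinnedKeyExampleOnly'
SAMPLE_SCAN='# 192.0.2.10:22 SSH-2.0-OpenSSH
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAB3NzaC1yc2EAAAAConstructedRsaKeyExampleOnly
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPinnedKeyExampleOnly'

# select_pinned_key PINNED
# Reads ssh-keyscan output on stdin ("host keytype base64key" per line; the
# host field may be hashed by -H) and prints only the lines whose
# "keytype base64key" equals PINNED. Returns 1 when nothing matched, so a
# substituted key is never written to known_hosts.
select_pinned_key() {
  awk -v want="$1" '
    /^#/ || NF < 3 { next }                 # skip banner comments and junk
    ($2 " " $3) == want { print; ok = 1 }   # exact match on type and key
    END { exit (ok ? 0 : 1) }'
}

# add_host_if_pinned HOST PINNED [KNOWN_HOSTS]
# Same flow as the answer's snippet, with the pin check between scan and append.
add_host_if_pinned() {
  host=$1 pinned=$2 kh=${3:-$HOME/.ssh/known_hosts}
  # Host already present: nothing to do.
  if [ -f "$kh" ] && [ -n "$(ssh-keygen -F "$host" -f "$kh")" ]; then
    return 0
  fi
  scanned=$(ssh-keyscan -T 5 -H "$host" 2>/dev/null) || return 2
  line=$(printf '%s\n' "$scanned" | select_pinned_key "$pinned") || {
    echo "host key for $host does not match the pinned key; not adding" >&2
    return 1
  }
  printf '%s\n' "$line" >> "$kh"
}
```

A script would call `add_host_if_pinned "$IP" "$PINNED_KEY"` before its first `ssh` and stop on a non-zero return instead of connecting.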
