Software Development

How do I resolve the error "Using a SSH password instead of a key is not possible because Host Key checking is enabled"?

MA Asked by Marcus Thorne · 04-02-2025
0 upvotes 12,957 views 0 comments
The question

I am trying to run an automation script using sshpass to provide a password for SSH authentication. However, I keep getting a message saying it's not possible because "Host Key checking is enabled." I understand that SSH wants to verify the server's identity, but since I am running this in a CI/CD pipeline, I can't manually type "yes" to accept the fingerprint. What is the safest way to bypass this check in an automated environment, or is there a way to pre-populate the known_hosts file?

3 answers

0
EL
Answered on 05-02-2025

This error occurs because sshpass is not designed to handle interactive prompts, such as the one asking you to "trust" a new host. The most secure way to fix this is to pre-populate your ~/.ssh/known_hosts file using the ssh-keyscan command. By running ssh-keyscan -H <your-server-ip> >> ~/.ssh/known_hosts before your main script, you verify the host identity once, and sshpass will then proceed without the prompt. If you are in a completely private and secure environment and just need it to work quickly, you can disable the check by adding the argument -o StrictHostKeyChecking=no to your SSH command, or by setting the environment variable ANSIBLE_HOST_KEY_CHECKING=False if you are using Ansible.

0
KE
Answered on 06-02-2025

I tried setting StrictHostKeyChecking=no, but now I'm getting a "Permission denied" error. Does sshpass work differently if the server has password authentication disabled in sshd_config?

MA 07-02-2025

Exactly, Kevin. sshpass only works if the remote server allows PasswordAuthentication. If the server is configured to only allow PublickeyAuthentication, no amount of password-passing will work. Also, check if your user account is locked or if the password has expired. In many enterprise environments, the "Host Key" error is just the first hurdle; the second is often a strict SSH configuration that forbids passwords entirely for security reasons.

0
SA
Answered on 09-02-2025

For Ansible users, the easiest fix is adding host_key_checking = False to your ansible.cfg file. It’s less secure, but it fixes the "sshpass" issue immediately for large-scale deployments.

AN 10-02-2025

True, Sarah, but I always warn people: disabling host key checking opens you up to "Man-in-the-Middle" attacks. If you're on the public internet, always use the ssh-keyscan method Elena mentioned instead!

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session