Linux – How to stop adding IP from EC2 to known_hosts for ssh

The idea is that your IP doesn't change. If it does change, you can update it in the Security Group either via the AWS console or via an API call.

The guide doesn't assume you have an IP that changes often. If it does, either ignore its advice and open SSH to the world (or perhaps the IP range your ISP uses for customers) or write a script that updates the security group whenever your computers IP changes. (the details of this depend on your operating system).

Googling the error message, the first two relevant hits both claim the problem was due to an SSH inspection on a firewall.

• Cannot use public key with bitbucket cloud at community.atlassian.com

  Ok, figured it out. We are doing ssl/ssh inspection at our border gateways, and it seemed to caused the problem. Disabling ssh inspection, or adding an excpetion for bitbucket's ips, I can now push and pull from my bitbucket repo.

• Key Based Auth Broken for All Instances - Even New EC2 Instances and New Keypairs on reddit.com:

  Super aggressive MITM firewall/router in place that meddles with ssh traffic?

  Deep inspection got me down. ... Firewall was being a MITM for sure.

That would explain the behavior. As while the server claims to be "OpenSSH" (and the actual server is probably OpenSSH), OpenSSH does not have any error message like "Connection blocked because server only allows public key authentication. Please contact your network administrator". It must be some intermediate server/device that acts on the behalf of the real OpenSSH server that injects the error message.