Ssh – Disabling openssh host key checking on LAN


If I want to specify for LAN addresses that I don't want to deal with host keys, how do I do that?

/etc/ssh/ssh_config
Host 192.168.*.*
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null

or

UserKnownHostsFile none

even with

CheckHostIP no

Isn't doing the trick. openssh 7.1p1. With no known_hosts file in ~/.ssh or /etc, I still get:

The authenticity of host '<hostname> (192.168.2.2)' can't be established.
ECDSA key fingerprint is SHA256:.....
Are you sure you want to continue connecting (yes/no)?

This functionality was somewhat recently changed in openssh. Old questions suggest the ssh_config as shown above, which doesn't appear to work anymore.

Yes, this is a horrible idea. I want to do it anyway. It risks a man-in-the-middle attack. It risks connecting to the wrong server if there's a configuration issue. I'm just tired of having to remove entries from known_hosts with the multiple VMs I have that often change fingerprints, and am willing to live with the risks. Yes, there are other questions like this that explain how to do it the right way, but I don't want to do it that way. I just want to turn it off.

Best Answer

It seems your solution on the openssh mailing list is quite bearable. Reposting it here as well:

Match exec "ping -q -c 1 -t 1 %n | grep '192\.168\.'"
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null

Source: http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-August/034335.html
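
A stricter helper for the `Match exec` approach in the answer above, as an added example that is not part of the original answer or the mailing-list post: it resolves the name and succeeds only when every resolved address is a well-formed IPv4 address in 192.168.0.0/16, whereas the unanchored grep also matches output such as 10.192.168.5. The install path `/usr/local/bin/is-lan-host` and the function names are assumptions, as is the availability of `getent ahostsv4` (glibc systems).

```shell
#!/bin/sh
# Added example: helper for ssh_config "Match exec" (hypothetical install path):
#   Match exec "/usr/local/bin/is-lan-host %n"
#      StrictHostKeyChecking no
#      UserKnownHostsFile /dev/null
# ssh applies the Match block only when the command exits with status 0.

# Succeed only if $1 is a well-formed dotted quad inside 192.168.0.0/16.
is_lan_ipv4() {
    case "$1" in
        192.168.*.*) rest=${1#192.168.} ;;
        *) return 1 ;;
    esac
    third=${rest%%.*}
    fourth=${rest#*.}
    for octet in "$third" "$fourth"; do
        case "$octet" in
            ''|*[!0-9]*|????*) return 1 ;;   # empty, non-numeric, or too long
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read one address per line on stdin; succeed only if there is at least one
# address and all of them are in 192.168.0.0/16.
all_lan() {
    seen=0
    while read -r addr; do
        [ -n "$addr" ] || continue
        is_lan_ipv4 "$addr" || return 1
        seen=1
    done
    [ "$seen" -eq 1 ]
}

# Resolve a name (or literal address) to its IPv4 addresses.
# Assumption: glibc's getent with the ahostsv4 database is available.
resolve_ipv4() {
    getent ahostsv4 -- "$1" | awk '{ print $1 }' | sort -u
}

is_lan_host() {
    resolve_ipv4 "$1" | all_lan
}

# When run as a script with a host argument, exit with the verdict.
if [ "$#" -gt 0 ]; then
    is_lan_host "$1"
    exit $?
fi
```

A name that does not resolve yields no addresses, so the helper fails and normal host key checking stays in effect.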
