Prevent host from being added to knownhosts

February 2, 2026

ssh scripts system-administration

When I’m installing a new server or in a rescue environment, I want to prevent the host from being added to the ~/.ssh/known_hosts file. When I forget, I get the following error.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
6e:45:f9:a8:af:38:3d:a1:a5:c7:76:1d:02:f8:77:00.
Please contact your system administrator.
Add correct host key in /home/hostname /.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for pong has changed and you have requested strict checking.
Host key verification failed.

To fix this, you can edit ~/.ssh/known_hosts and remove the offending entry.

To prevent this, add the following alias to your ~/.ssh/.bashrc or /etc/profile.d/10-system-alias.sh if you’re using my system-wide alias set up I recommend.

alias ssh.forget=’ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no’

Now we can test.

ssh.forget 127.0.0.1