Disabling the StrictHostKeyChecking
option will make the connection less secure than having the option enabled, because it will let you connect to remote servers without verifying their SSH host keys. If the option is enabled, you will only be able to connect to servers which keys are known to your SSH client.
You will have to decide what that means for your specific use case - are the servers you are connecting on a private, local network or do you connect over the internet? Is this a testing or production environment?
When in doubt, it is better to err on the side of more security. I would recommend enabling StricktHostKeyChecking
and using the setKnownHosts
method to provide a file which contains the remote host keys.
ssh-keyscan -t rsa localhost
produces something: # localhost SSH-2.0-OpenSSH_6.2 localhost ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfkfoFN+oakKAvx2meT90jom1oRdBevPFP/2A+tN4+ – Eliathas