SCP support for -o StrictHostKeyChecking=no broken

Darren Tucker dtucker at
Tue Oct 23 08:06:20 EST 2012

On Mon, Oct 22, 2012 at 03:21:06PM -0400, François Isabelle wrote:
> With SCP, it seems like the option precedence is ignored.
> Although this seems to work well with SSH.
> $ssh -V
> OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

Can you reproduce this with a current version?  Works for me:

$ scp -o stricthostkeychecking=yes /tmp/a localhost:/tmp/b
No RSA host key is known for doesnotexist and you have requested strict
Host key verification failed.
lost connection

$ scp -o stricthostkeychecking=no /tmp/a localhost:/tmp/b
Warning: Permanently added 'doesnotexist' (RSA) to the list of known
a                                  100%    0     0.0KB/s 00:00 

$ ssh -V
OpenSSH_6.1, OpenSSL 1.0.1c 10 May 2012

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list