SCP support for -o StrictHostKeyChecking=no broken

Francois Isabelle isabellf at
Tue Oct 23 10:17:54 EST 2012

Yeah, I should have tried this before but I only checked the bug list and didn't find any report. One thing to note though is that my system wide configuration has 'ask' set for this option. I'll try to reproduce on recent versions soon.
Thank you

Darren Tucker <dtucker at> a écrit :

>On Mon, Oct 22, 2012 at 03:21:06PM -0400, François Isabelle wrote:
>> With SCP, it seems like the option precedence is ignored.
>> Although this seems to work well with SSH.
>> $ssh -V
>> OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>Can you reproduce this with a current version?  Works for me:
>$ scp -o stricthostkeychecking=yes /tmp/a localhost:/tmp/b
>No RSA host key is known for doesnotexist and you have requested strict
>Host key verification failed.
>lost connection
>$ scp -o stricthostkeychecking=no /tmp/a localhost:/tmp/b
>Warning: Permanently added 'doesnotexist' (RSA) to the list of known
>a                                  100%    0     0.0KB/s 00:00 
>$ ssh -V
>OpenSSH_6.1, OpenSSL 1.0.1c 10 May 2012
>Darren Tucker (dtucker at
>GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>    Good judgement comes with experience. Unfortunately, the experience
>usually comes from bad judgement.

More information about the openssh-unix-dev mailing list