As far as I can tell, there currently isn't a straightforward way to use password authentication for connecting to hosts where the host key changes frequently. I realize this is a fairly niche use case, but when developing software for devices that often get reimaged (resulting in a host key change), it can get pretty tedious to attempt to connect, get a warning, remove the old host key via text editor or "ssh-keygen -R", and then connect again.

I'd like to propose adding a new StrictHostKeyChecking option, named something like "ask-update" or "ask-to-update". This would be like "ask", except it would prompt the user to update a host key if it has changed (after printing a suitably scary warning). When connecting to an unknown host, it would be equivalent to "ask".

I expect users would enable it explicitly for a limited set of hosts, e.g. by adding a config section like

    Host 192.168.0.*
        StrictHostKeyChecking ask-update

If this idea sounds acceptable, I could potentially work on it, but I don't mind at all if someone else is interested in doing it.

Thanks,
Jeremy

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
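The semantics proposed in the message above, modelled as an added example; this is not part of the original message and not OpenSSH code. The function names, the verdict strings and the sample key blobs are assumptions made for illustration, and only plain (unhashed) known_hosts entries are handled.

```python
import base64
import hashlib

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form ssh prints: base64 of the digest, no padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def _is_entry(line, host, keytype):
    f = line.split()
    return len(f) >= 3 and host in f[0].split(",") and f[1] == keytype

def check_host_key(known_hosts, host, keytype, blob, policy, confirm):
    """Return (verdict, new_known_hosts) for one offered host key.

    policy: "ask" (existing behaviour) or "ask-update" (the proposed value).
    confirm: callable(prompt) -> bool, standing in for the interactive prompt.
    """
    stored = [l.split()[2] for l in known_hosts if _is_entry(l, host, keytype)]
    entry = f"{host} {keytype} {blob}"
    if blob in stored:
        return "accept", known_hosts
    if not stored:
        # Unknown host: both policies ask before recording the key.
        if confirm(f"Unknown host {host}, key {fingerprint(blob)}. Continue?"):
            return "accept-new", known_hosts + [entry]
        return "reject", known_hosts
    if policy != "ask-update":
        return "reject", known_hosts  # "ask" refuses a changed key outright
    # Changed key under the proposed policy: show both fingerprints, then ask.
    prompt = (f"WARNING: HOST KEY FOR {host} HAS CHANGED\n"
              f"  stored:  {fingerprint(stored[0])}\n"
              f"  offered: {fingerprint(blob)}\n"
              "Replace the stored key?")
    if not confirm(prompt):
        return "reject", known_hosts
    kept = [l for l in known_hosts if not _is_entry(l, host, keytype)]
    return "accept-updated", kept + [entry]

# Constructed sample data: these blobs are not real SSH public keys.
OLD = base64.b64encode(b"constructed-key-before-reimage").decode()
NEW = base64.b64encode(b"constructed-key-after-reimage").decode()
KNOWN = [f"192.168.0.10 ssh-ed25519 {OLD}"]

if __name__ == "__main__":
    for policy in ("ask", "ask-update"):
        verdict, hosts = check_host_key(KNOWN, "192.168.0.10", "ssh-ed25519",
                                        NEW, policy, lambda prompt: True)
        print(policy, "->", verdict, hosts)
```

Printing the stored and offered fingerprints side by side lets the user compare the offered key against one read from the device's console before confirming the replacement.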