对于ssh命令行工具，为什么`StrictHostKeyChecking=no`无效？

Question

以下是执行过程：

$ ssh -o StrictHostKeyChecking=no root@10.1.1.1
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:2ypJ7ea5D0iqFy5PzHVgHV7p6jX5ONSTGXZGf9KqF6A.
Please contact your system administrator.
Add correct host key in /home/peng/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/peng/.ssh/known_hosts:3
  remove with:
  ssh-keygen -f "/home/peng/.ssh/known_hosts" -R "10.1.1.1"
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
UpdateHostkeys is disabled because the host key is not trusted.
root@10.1.1.1: Permission denied (publickey,password,keyboard-interactive).

为什么ssh无视我的选择？

Answer 1

如果仔细观察输出，主机键不匹配不会停止连接。但是，由于可能的中间人攻击，有些身份验证类型会被禁用，登录失败(root@10.1.1.1: Permission denied ...)。

通常，您将看到StrictHostKeyChecking=no与类似于UserKnownHostsFile=/dev/null的东西相结合。试一试

ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@10.1.1.1