"Add correct host key in known hosts" / multiple ssh host keys per hostname?

So many answers, but so many that give up protection by turning off strict host checking totally, or destroying unrelated host info or just forcing the user to interactively accept keys, possibly at a later point, when it is unexpected.

Here's a simple technique to allow you to leave strict host checking on, but update the key in a controlled way, when you expect it to change:

  • Remove the old key and update in one command:

        ssh-keygen -R server.example.com && \
            ssh -o StrictHostKeyChecking=no server.example.com echo SSH host key updated.

  • Repeat with IP address(es) or other host names if you use them.

The advantage of this approach is that it rekeys the server exactly once. Most versions of ssh-keygen seem to not return an error if the server you try to delete doesn't exist in the known hosts file; if this is a problem for you, use the two commands in sequence.

This approach also verifies connectivity and emits a nice message for logs in the ssh command (which logs in, updates the host key, and outputs SSH host key updated, then immediately exits).

If your version of ssh-keygen returns a non-zero exit code, and you prefer to handle this without error, regardless of prior connection, simply use the two commands in sequence, ignoring any errors on the ssh-keygen command.

If you use this technique, you never need to vary your ssh command, or turn off host checking except during that one ssh command. You can be sure that future ssh sessions will work without conflict or needing to explicitly accept a new key, as long as the ssh command above ran without error.
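The same controlled update done as a known_hosts rewrite, as an added example that is not part of the original answer: it removes every entry naming the server (plain, comma-joined name+IP, or hashed as written with HashKnownHosts) in one pass and appends the new key only if its SHA256 fingerprint matches one obtained out of band, so StrictHostKeyChecking never has to be relaxed, not even for the one update command. Host names, keys and the salt below are constructed sample values, not real ones.

```python
import base64
import hashlib
import hmac

def hash_host(host: str, salt: bytes) -> str:
    """Hashed name field as written with HashKnownHosts: |1|<salt>|<HMAC-SHA1(salt, host)>."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return f"|1|{base64.b64encode(salt).decode()}|{base64.b64encode(mac).decode()}"

def _names_match(field: str, hosts: set) -> bool:
    """True if a known_hosts name field (plain, comma-joined or hashed) names one of `hosts`."""
    if field.startswith("|1|"):
        parts = field.split("|")
        return len(parts) == 4 and any(hash_host(h, base64.b64decode(parts[2])) == field for h in hosts)
    return any(n in hosts for n in field.split(","))  # exact names only: no wildcards, no [host]:port

def fingerprint(pubkey_b64: str) -> str:
    """SHA256 fingerprint in the form ssh-keygen -l prints (base64 without '=' padding)."""
    digest = hashlib.sha256(base64.b64decode(pubkey_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def rekey(known_hosts: str, hosts, new_entry: str, expected_fp: str) -> str:
    """Drop every entry for `hosts` and append `new_entry`, but only if the new key
    matches the fingerprint obtained out of band; otherwise leave the file untouched."""
    hosts = set(hosts)
    key_b64 = new_entry.split()[2]  # "<names> <keytype> <base64 key> [comment]"
    if fingerprint(key_b64) != expected_fp:
        raise ValueError("new host key does not match the expected fingerprint")
    kept = []
    for line in known_hosts.splitlines():
        field = line.split(None, 1)[0] if line.strip() else ""
        if field and not field.startswith(("#", "@")) and _names_match(field, hosts):
            continue  # stale entry for this server (name, IP or hashed): remove it
        kept.append(line)  # comments, @cert-authority/@revoked markers and other hosts stay
    kept.append(new_entry)
    return "\n".join(kept) + "\n"

# Constructed sample data (not real keys or hosts): a plain entry for another host,
# a comma-joined name+IP entry and a hashed IP entry for the server being rekeyed.
SALT = b"0123456789abcdef0123"  # 20-byte salt, the size OpenSSH uses
OLD_KNOWN_HOSTS = "\n".join([
    "other.example.com ssh-ed25519 " + base64.b64encode(b"other-key").decode(),
    "server.example.com,192.0.2.10 ssh-rsa " + base64.b64encode(b"old-rsa-key").decode(),
    hash_host("192.0.2.10", SALT) + " ssh-ed25519 " + base64.b64encode(b"old-ed-key").decode(),
])
NEW_KEY_B64 = base64.b64encode(b"new-ed25519-key").decode()
NEW_ENTRY = "server.example.com,192.0.2.10 ssh-ed25519 " + NEW_KEY_B64
```

Calling `rekey(OLD_KNOWN_HOSTS, ["server.example.com", "192.0.2.10"], NEW_ENTRY, fingerprint(NEW_KEY_B64))` yields a file with only the other host's entry plus the new one; a wrong fingerprint raises before anything is removed, which is the check the `-o StrictHostKeyChecking=no` step skips.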