sean darcy, 17.02.19 15:24 +0100:
ssh -o stricthostkeychecking=no works.
There's no ~/.ssh/config
grep Strict /etc/ssh/ssh_config # StrictHostKeyChecking ask
but it doesn't ask:
ssh new-gateway @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:TylFZRyv2D0miW94XagWwZOFPPCd1PhTRscDSXZHwVw. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /root/.ssh/known_hosts:1 ECDSA host key for [new-gateway]:6878 has changed and you have requested strict checking. Host key verification failed.
though it reads the config file correctly:
ssh -G new-gateway | grep strict stricthostkeychecking ask
"StrictHostKeyChecking ask" asks when connecting to a new host (for which there's no entry in known_hosts). If there's an entry for the host in known_hosts and the host's key doesn't match the one saved in known_hosts, it will deny the connection:
If this flag is set to ask (the default), new host keys will be added […] and ssh will refuse to connect to hosts whose host key has changed.
(from man ssh_config(5))
So, for you, it seems to work as documented.