What is Strict SSH Host Key Checking?

SSH host key checking is a security mechanism that verifies the identity of a remote server before establishing an SSH connection. When strict host key checking is enabled (the default and recommended setting), WHM will refuse to connect to a remote server if its host key has changed since the last known connection — this protects against man-in-the-middle attacks.

In certain situations, such as server migrations, re-provisioning, or automated backup scripts, the host key may legitimately change. Disabling strict host key checking allows WHM to connect to remote servers without verifying their identity each time.

Steps to Disable Strict SSH Host Key Checking

  1. Log in to WHM as the root user.
  2. Navigate to Home » Server Configuration » Tweak Settings.
  3. In the search box at the top, type SSH host key to locate the option quickly.
  4. Under the Security tab, find Disable strict SSH host key checking.
  5. Set the toggle to On to disable strict host key checking.
  6. Click Save at the bottom of the page.

Important Notes

  • Security warning: Disabling this setting reduces the security of SSH connections from your server. It makes your server vulnerable to man-in-the-middle attacks when connecting to remote servers. Only disable this if you understand and accept the risk.
  • This setting affects WHM features that connect to remote servers over SSH, such as Transfer Tool, Remote MySQL, and backup operations.
  • If you disable this temporarily for a migration, remember to re-enable it afterward by setting the toggle back to Off.
  • An alternative to disabling this globally is to manually update the known_hosts file for the specific remote server. This preserves security while handling the key change for one server.

Troubleshooting

  • Connection refused after re-provisioning: If a remote server was rebuilt and its SSH key changed, you may see "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" errors. Either disable strict checking temporarily, or remove the old key with the command ssh-keygen -R hostname from the root SSH terminal.
  • Can't find the option: Use the Tweak Settings search bar and type SSH host key. The setting is under the Security tab.

For official documentation, see the cPanel Tweak Settings guide.

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to set Default maximum email quota for new packages via WHM?

The Default maximum email quota for new packages setting in WHM controls the maximum email...
How to set Default disk usage quota for new packages via WHM?

The Default disk usage quota for new packages setting in WHM lets you define a default disk space...
How to set Default bandwidth limit for new packages via WHM?

When you create a new hosting package in WHM, cPanel uses a default bandwidth limit if you don't...
How to change cPanel PHP max POST size via WHM?

The cPanel PHP max POST size setting controls the maximum size of HTTP POST requests that...
How to change cPanel PHP max upload size via WHM?

What is the cPanel PHP Max Upload Size? The cPanel PHP max upload size setting controls the...