I have the following in my ssh_config to connect to machines on my local LAN and machines in a VM:

Host 172.16.*.*
StrictHostKeyChecking no
UserKnownHostsFile /dev/null

However, each time I connect it produces a warning:

$ ssh [email protected]
Warning: Permanently added '' (ECDSA) to the list of known hosts.
Enter passphrase for key '/Users/jdoe/.ssh/id_ed25519': 

I'm using OpenSSH 7.1. How do I disable the warning on each connection for the local LAN?

Append the following to your SSH config file:

LogLevel ERROR

Or append -o LogLevel=ERROR to the ssh command itself.

  • 1
    The SSH config file on Debian is /etc/ssh/ssh_config (not /etc/ssh/sshd_config !)
    – rubo77
    Commented Dec 21, 2019 at 7:57
  • 2
    A bit of a warning setting loglevel=error: You can lose valuable failure information by doing this, such as connection timeout messages.
    – jozxyqk
    Commented Sep 4, 2020 at 22:11
  • @rubo77 how is this comment relevant to this answer? I think the OP asked about user's config file (~/.ssh/config).
    – nhed
    Commented Apr 7, 2022 at 13:55
  • I don't remember, maybe someone edited an answer or deleted a comment? anyway, it is true and has an upvode flag already, so it helped someone ;)
    – rubo77
    Commented Apr 7, 2022 at 19:26

You should be able to do this by changing your ssh configuration from the default log-level of "info" to "error" (the next level up).

Refer to the ssh_config manual page:

Gives the verbosity level that is used when logging messages from ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of verbose output.

The source code for ssh tells the story:

     * Initialize "log" output.  Since we are the client all output
     * actually goes to stderr.
    log_init(av[0], options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,

along with the definition of log_init:

log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)

i.e., all of the "log" messages go to the standard error, and you can only adjust how many you get. The one you do not want happens to be at the INFO level.


In short, run ssh with the -q flag to disable warnings/diagnostics (but not errors).

  • 12
    -q will do more than you probably bargained for. It suppresses very useful error messages. Example: ssh -q not-existing-host will not print a single error message. This command just fails silently. In contrast, ssh -o LogLevel=error not-existing-host will print an explanation: ssh: Could not resolve hostname not-existing-host: Name or service not known
    – hagello
    Commented Jul 12, 2017 at 14:54
  • I think using grep -v is better than suppressing all warnings or errors
    – MaXi32
    Commented Apr 19, 2021 at 10:22
  • Bad advice: -q will also hide "permission denied", which is fairly fundamental.
    – SiHa
    Commented Jan 16 at 12:23

Most answers here are not that perfect, where you will lose other important warning or error messages. To only suppress that warning message 'Permanently added ...' and keep other warning messages, you could do the following:

Using error redirection and grep -v

The warning message that you've seen on the terminal is a standard error. So, we need convert the standard error output to standard output and finally using grep -v to remove that annoying warning string:

ssh [email protected] 2> >(grep -v "Permanently added" 1>&2)

Even you could suppress the warning for only that specific IP:

ssh [email protected] 2> >(grep -v "Permanently added '[]'" 1>&2)

If you need to suppress more than one warning messages use grep -Ev and separate the warning messages with |:

 ssh [email protected] 2> >(grep -v grep -Ev "Permanently added|Warning message 1|Other error message 2|Other error or warning N" 1>&2)

This way, you still able to view other important warning or error messages.


if you used the command line

$ ssh xxx@xxx uname -m
Warning: Permanently added 'xxx' (ECDSA) to the list of known hosts.

Authorized users only. All activities may be monitored and reported.

add option -E /dev/null -o LogLevel=error

$ ssh -E /dev/null -o LogLevel=error xxx@xxx uname -m

