diff --git a/app.js b/app.js
index 147e68c..54441bb 100644
--- a/app.js
+++ b/app.js
@@ -53,7 +53,8 @@ app.get('/ssh/host/:host?', function (req, res, next) {
 server: config.serverlog.server || false
 },
 readyTimeout: (validator.isInt(req.query.readyTimeout + '', {min: 1, max: 300000}) &&
- req.query.readyTimeout) || config.ssh.readyTimeout
+ req.query.readyTimeout) || config.ssh.readyTimeout,
+ verify: config.verify || false
 }
 if (req.session.ssh.header.name) validator.escape(req.session.ssh.header.name)
 if (req.session.ssh.header.background) validator.escape(req.session.ssh.header.background)
diff --git a/config.json b/config.json
index 9f640f7..5cc82e3 100644
--- a/config.json
+++ b/config.json
@@ -58,5 +58,6 @@
 "client": false, // proof-of-concept to log commands from client to server
 "server": false // not yet implemented
 },
- "accesslog": false // http style access logging to console.log
+ "accesslog": false, // http style access logging to console.log
+ "verify": true
 }
diff --git a/hostkeys.json b/hostkeys.json
index 2bd157a..7d5411f 100644
--- a/hostkeys.json
+++ b/hostkeys.json
@@ -1,8 +1,4 @@
-[
- {
- "localhost": "ff1d6fd1e63bf07ed1c801692f9e5a44e57cb9ce"
- },
- {
- "127.0.0.1": "ff1d6fd1e63bf07ed1c801692f9e5a44e57cb9ce"
- }
-]
+{
+ "localhost": "ff1d6fd1e63bf07ed1c801692f9e5a44e57cb9ce",
+ "127.0.0.1": "ff1d6fd1e63bf07ed1c801692f9e5a44e57cb9ce"
+}
diff --git a/socket.js b/socket.js
index e84c232..e2648f1 100644
--- a/socket.js
+++ b/socket.js
@@ -4,7 +4,8 @@ var debug = require('debug')
 var debugWebSSH2 = require('debug')('WebSSH2')
 var SSH = require('ssh2').Client
-var hostkeys = require('./hostkeys.json')
+var fs = require('fs')
+var hostkeys = JSON.parse(fs.readFileSync('./hostkeys.json', 'utf8'))
 var termCols, termRows
 console.log(JSON.stringify(hostkeys))
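Review bot: `verify: config.verify || false` on the added line makes host-key verification fail open: a deployment whose config.json predates this commit, or simply omits the key, connects without ever checking the host key hash, and nothing in the hunk tells the operator that happened. Defaulting the other way keeps the check on unless it is explicitly switched off, e.g. `verify: config.verify !== false`. The `|| false` shape mirrors the neighbouring serverlog defaults, but those toggle logging rather than a security control, so a one-line comment is warranted either way: `// host key verification; only an explicit false disables it`. The enclosing route handler starts before this hunk.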
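Review bot: The new `"verify": true` entry is the only key in this block without a trailing comment, while every neighbouring key documents its purpose; add one such as `"verify": true // compare the SSH host key hash against hostkeys.json; false skips the check`. Because this value now gates a security control rather than a logging option, the comment should also say what happens when the key is absent, which is decided in app.js rather than here.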
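Review bot: `fs.readFileSync('./hostkeys.json', 'utf8')` resolves the path against the process working directory, whereas the replaced `require('./hostkeys.json')` resolved it against the module's own directory, so starting the server from any other directory now throws at load time or, if a different hostkeys.json happens to sit in that cwd, loads the wrong trust store. Anchor the path to the module: `var path = require('path')` and `var hostkeys = JSON.parse(fs.readFileSync(path.join(__dirname, 'hostkeys.json'), 'utf8'))`. The context line `console.log(JSON.stringify(hostkeys))` still prints the whole trust store on every start; fingerprints are not secret, but that looks like leftover debugging and belongs behind `debugWebSSH2`. The hunk header counts 7/8 lines while only 5/6 are visible here, so blank lines appear to have been lost in rendering rather than in the patch.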
@@ -115,11 +116,19 @@ module.exports = function socket (socket) {
 readyTimeout: socket.request.session.ssh.readyTimeout,
 hostHash: 'sha1',
 hostVerifier: function (hash) {
- if (hash === hostkeys['127.0.0.1']) {
- return (verified = true)
+ if (socket.request.session.ssh.verify) {
+ if (hash === hostkeys[socket.request.session.ssh.host]) {
+ return (verified = true)
+ } else {
+ err = { message: 'SSH HOST KEY HASH MISMATCH: ' + hash }
+ console.error('stored host key hashes: ', JSON.stringify(hostkeys))
+ console.error('reported hash from ' + socket.request.session.ssh.host + ': ', hash)
+ console.error(' host key hash for ' + socket.request.session.ssh.host + ': ', hostkeys[socket.request.session.ssh.host])
+ SSHerror('CONN CONNECT', err)
+ }
 } else {
- err = { message: 'SSH HOST KEY HASH MISMATCH: ' + hash }
- SSHerror('CONN CONNECT', err)
+ console.info('host key verification disabled. hash for host ' + socket.request.session.ssh.host + ': ', hash)
+ return (verified = true)
 }
 },
 debug: debug('ssh2')
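Review bot: When `verify` is on and the session's host has no entry in hostkeys.json, `hostkeys[socket.request.session.ssh.host]` is `undefined`, so the connection is refused (correctly) but reported as `SSH HOST KEY HASH MISMATCH` and the third console.error prints `undefined` as the stored hash; a host value that happens to name an `Object.prototype` member (`constructor`, `toString`) would likewise be compared against an inherited function rather than a file entry. An own-property check up front separates "no stored key" from "stored key differs" and confines the lookup to the file's own entries; the rewrite below also hoists the repeated `socket.request.session.ssh.host` into a local and returns `false` explicitly on both failure paths, where the current code falls through to `undefined`. Dumping the whole `hostkeys` JSON on every mismatch is noisy; one line with the expected and reported hashes for that host carries the same information. `verified` and `err` are assigned but not declared inside the hunk, so they presumably belong to the enclosing `socket` function, which starts before this hunk.
```javascript
      hostVerifier: function (hash) {
        var host = socket.request.session.ssh.host
        if (!socket.request.session.ssh.verify) {
          console.info('host key verification disabled. hash for host ' + host + ': ', hash)
          return (verified = true)
        }
        // own-property lookup: a host named like an Object.prototype member must not
        // resolve to an inherited value, and an absent entry is reported as absent
        if (!Object.prototype.hasOwnProperty.call(hostkeys, host)) {
          err = { message: 'NO STORED HOST KEY FOR ' + host + ', reported hash: ' + hash }
          SSHerror('CONN CONNECT', err)
          return false
        }
        if (hash === hostkeys[host]) {
          return (verified = true)
        }
        err = { message: 'SSH HOST KEY HASH MISMATCH: ' + hash }
        console.error('host key hash for ' + host + ' expected: ', hostkeys[host], ' reported: ', hash)
        SSHerror('CONN CONNECT', err)
        return false
      },
```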