HPE Community
Operating System - OpenVMS
1752782 Members
6425 Online
108789 Solutions
New Discussion юеВ

Re: SFTP from AIX to VMS failed : Host key verification failed

 
shiva27
Frequent Advisor

тАО04-01-2009 03:06 AM

тАО04-01-2009 03:06 AM

SFTP from AIX to VMS failed : Host key verification failed

Hi,
we did VMS upgradation from V7.3-2 to V8.3 on existing system disk.
1.Old sftp setup was working On V7.3-2.
2.After upgrdation to V8.3 AIX system not able to connect to VMS server thru SFTP and giving below error-

"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the DSA host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
34:fa:db:7c:af:b6:b1:ac:4a:97:23:e7:59:94:63:61.
Please contact your system administrator.
Add correct host key in /home/xyz_sftp/.ssh/known_hosts to get rid of this message.
Offending key in /home/xyz_sftp/.ssh/known_hosts:4
DSA host key for node1.xyz.london.com has changed and you have requested strict checking.
debug1: boks_ssh_client_check_hostkey: DONE - returning -1
Host key verification failed.
Connection closed


I can see SSH server new file created -[TCPIP$SSH.SSH2]SSHD2_CONFIG.

Can you suggest anything needs to be done in SSH configuration end after upgrdation.
0 Kudos
Reply
9 REPLIES 9
Wim Van den Wyngaert
Honored Contributor

тАО04-01-2009 03:19 AM

тАО04-01-2009 03:19 AM

Re: SFTP from AIX to VMS failed : Host key verification failed

Did you do a keygen on node1.xyz.london.com ?

Wim
Wim
Reply
shiva27
Frequent Advisor

тАО04-01-2009 03:53 AM

тАО04-01-2009 03:53 AM

Re: SFTP from AIX to VMS failed : Host key verification failed

NO. Old keys are available.
Is it required to generate new key at VMS side. Sam AIX server PUB key is available in VMS server.

AIX server will send the files to VMS.
0 Kudos
Reply
Joseph Huber_1
Honored Contributor

тАО04-01-2009 04:30 AM

тАО04-01-2009 04:30 AM

Re: SFTP from AIX to VMS failed : Host key verification failed

I think it is not the public key which has changed, but the host key on node1.xyz.london.com. Did You reinstall SSH, and if yes, did You anser the question "generate host key?" with yes ?

Anyway, delete the key for this host in
/home/xyz_sftp/.ssh/known_hosts:4
and retry.
http://www.mpp.mpg.de/~huber
0 Kudos
Reply
Hoff
Honored Contributor

тАО04-01-2009 05:05 AM

тАО04-01-2009 05:05 AM

Re: SFTP from AIX to VMS failed : Host key verification failed

That's a UI decision within ssh (and scp and sftp) as is implemented on most platforms; the host keys have very likely changed here. That's probably indicative of an IP address or DNS change, but the exact trigger varies.

Here's the how to:
http://labs.hoffmanlabs.com/node/1116

Here are some related UI comments:
http://labs.hoffmanlabs.com/node/406
Reply
shiva27
Frequent Advisor

тАО04-01-2009 07:32 PM

тАО04-01-2009 07:32 PM

Re: SFTP from AIX to VMS failed : Host key verification failed

joseph,

At VMS side new directory KNOWNHOSTS.DIR and hostkeys.dir created but none of the files created under this directory.

Is it required to delete the below know_hosts file in AIX server ?

/home/xyz_sftp/.ssh/known_hosts
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО04-01-2009 09:13 PM

тАО04-01-2009 09:13 PM

Re: SFTP from AIX to VMS failed : Host key verification failed

> [...] AIX system not able to connect to VMS
> server [...]

> Is it required to delete the below
> know_hosts file in AIX server ?

If SFTP on the AIX system is complaining
about the REMOTE HOST IDENTIFICATION, then
it's probably because the remote host (that
is, the VMS system) now has a different ID
from the one stored on the AIX system.

So, yes, I'd expect that you'd need to throw
out the old ID (for the VMS system) on the
AIX system (where it's stored).

If you can edit the VMS system ID out of the
known_hosts file, then that would probably
cause less trouble than deleting the whole
file.
Reply
Joseph Huber_1
Honored Contributor

тАО04-01-2009 10:51 PM

тАО04-01-2009 10:51 PM

Re: SFTP from AIX to VMS failed : Host key verification failed

Steven has answered the question.

I did not tell to delete a file, but
delete the key for this host (!) in
/home/xyz_sftp/.ssh/known_hosts:4

http://www.mpp.mpg.de/~huber
0 Kudos
Reply
shiva27
Frequent Advisor

тАО04-01-2009 11:58 PM

тАО04-01-2009 11:58 PM

Re: SFTP from AIX to VMS failed : Host key verification failed

Thx all.

After deleting the below file, Aix team able to do the SFTP to VMS server as they do before.

/home/xyz_sftp/.ssh/known_hosts
0 Kudos
Reply
Richard W Hunt
Valued Contributor

тАО04-02-2009 09:29 AM

тАО04-02-2009 09:29 AM

Re: SFTP from AIX to VMS failed : Host key verification failed

It appears that this one might be solved, but another possible "gotcha" is if you did the install and as part of the process it upgraded the [TCPIP$SSH.SSH2]SSHD2_CONFIG. file, the name of the preferred host key is in that file. If you updated the config file and forgot to repoint to the old key you wanted, that might also lead to confusion about proper keys.
Sr. Systems Janitor
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.