Re: SFTP from AIX to VMS failed : Host key verification failed (626 Views)
Reply
Frequent Advisor
shiva27
Posts: 87
Registered: ‎11-27-2008
Message 1 of 10 (626 Views)

SFTP from AIX to VMS failed : Host key verification failed

Hi,
we did VMS upgradation from V7.3-2 to V8.3 on existing system disk.
1.Old sftp setup was working On V7.3-2.
2.After upgrdation to V8.3 AIX system not able to connect to VMS server thru SFTP and giving below error-

"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the DSA host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
34:fa:db:7c:af:b6:b1:ac:4a:97:23:e7:59:94:63:61.
Please contact your system administrator.
Add correct host key in /home/xyz_sftp/.ssh/known_hosts to get rid of this message.
Offending key in /home/xyz_sftp/.ssh/known_hosts:4
DSA host key for node1.xyz.london.com has changed and you have requested strict checking.
debug1: boks_ssh_client_check_hostkey: DONE - returning -1
Host key verification failed.
Connection closed


I can see SSH server new file created -[TCPIP$SSH.SSH2]SSHD2_CONFIG.

Can you suggest anything needs to be done in SSH configuration end after upgrdation.
Honored Contributor
Wim Van den Wyngaert
Posts: 4,561
Registered: ‎12-10-2003
Message 2 of 10 (626 Views)

Re: SFTP from AIX to VMS failed : Host key verification failed

Did you do a keygen on node1.xyz.london.com ?

Wim
Wim
Frequent Advisor
shiva27
Posts: 87
Registered: ‎11-27-2008
Message 3 of 10 (626 Views)

Re: SFTP from AIX to VMS failed : Host key verification failed

NO. Old keys are available.
Is it required to generate new key at VMS side. Sam AIX server PUB key is available in VMS server.

AIX server will send the files to VMS.
Honored Contributor
Joseph Huber_1
Posts: 1,082
Registered: ‎02-03-2004
Message 4 of 10 (626 Views)

Re: SFTP from AIX to VMS failed : Host key verification failed

I think it is not the public key which has changed, but the host key on node1.xyz.london.com. Did You reinstall SSH, and if yes, did You anser the question "generate host key?" with yes ?

Anyway, delete the key for this host in
/home/xyz_sftp/.ssh/known_hosts:4
and retry.
http://www.mpp.mpg.de/~huber
Honored Contributor
Hoff
Posts: 4,941
Registered: ‎01-29-2006
Message 5 of 10 (626 Views)

Re: SFTP from AIX to VMS failed : Host key verification failed

That's a UI decision within ssh (and scp and sftp) as is implemented on most platforms; the host keys have very likely changed here. That's probably indicative of an IP address or DNS change, but the exact trigger varies.

Here's the how to:
http://labs.hoffmanlabs.com/node/1116

Here are some related UI comments:
http://labs.hoffmanlabs.com/node/406
Frequent Advisor
shiva27
Posts: 87
Registered: ‎11-27-2008
Message 6 of 10 (626 Views)

Re: SFTP from AIX to VMS failed : Host key verification failed

joseph,

At VMS side new directory KNOWNHOSTS.DIR and hostkeys.dir created but none of the files created under this directory.

Is it required to delete the below know_hosts file in AIX server ?

/home/xyz_sftp/.ssh/known_hosts
Honored Contributor
Steven Schweda
Posts: 9,088
Registered: ‎02-23-2005
Message 7 of 10 (626 Views)

Re: SFTP from AIX to VMS failed : Host key verification failed

> [...] AIX system not able to connect to VMS
> server [...]

> Is it required to delete the below
> know_hosts file in AIX server ?

If SFTP on the AIX system is complaining
about the REMOTE HOST IDENTIFICATION, then
it's probably because the remote host (that
is, the VMS system) now has a different ID
from the one stored on the AIX system.

So, yes, I'd expect that you'd need to throw
out the old ID (for the VMS system) on the
AIX system (where it's stored).

If you can edit the VMS system ID out of the
known_hosts file, then that would probably
cause less trouble than deleting the whole
file.
Honored Contributor
Joseph Huber_1
Posts: 1,082
Registered: ‎02-03-2004
Message 8 of 10 (626 Views)

Re: SFTP from AIX to VMS failed : Host key verification failed

Steven has answered the question.

I did not tell to delete a file, but
delete the key for this host (!) in
/home/xyz_sftp/.ssh/known_hosts:4

http://www.mpp.mpg.de/~huber
Frequent Advisor
shiva27
Posts: 87
Registered: ‎11-27-2008
Message 9 of 10 (626 Views)

Re: SFTP from AIX to VMS failed : Host key verification failed

Thx all.

After deleting the below file, Aix team able to do the SFTP to VMS server as they do before.

/home/xyz_sftp/.ssh/known_hosts
Valued Contributor
Richard W Hunt
Posts: 288
Registered: ‎07-22-2003
Message 10 of 10 (626 Views)

Re: SFTP from AIX to VMS failed : Host key verification failed

It appears that this one might be solved, but another possible "gotcha" is if you did the install and as part of the process it upgraded the [TCPIP$SSH.SSH2]SSHD2_CONFIG. file, the name of the preferred host key is in that file. If you updated the config file and forgot to repoint to the old key you wanted, that might also lead to confusion about proper keys.
Sr. Systems Janitor
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.