How to use the Authorize SSH Hosts function to update an SFTP host's fingerprint or store multiple host keys for an SFTP cluster - INCLUDES VIDEO

Version 5
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Control-M Managed File Transfer


    COMPONENT:

    Control-M/CM for Advanced File Transfer


    APPLIES TO:

    Control-M Managed File Transfer all versions Control-M for Advanced File Transfer 8.2.00



    QUESTION:

    How to use the Authorize SSH Hosts function to:

    1- update an SFTP host's fingerprint when the host key has changed, and receiving the error:
    Can't connect to host: sftp.example.com, Error:Host rejected due to mismatched RSA fingerprint.  You can re-enable access to this host by using the "Authorize SSH host" option in the CCM

    2- store multiple host keys if connecting to an SFTP server installed on a cluster or network load balancing alias
     


    ANSWER:

     

    The following video demonstrates this solution:

                                   
    Other languages:Italiano
      
    1. When the fingerprint of a host has changed, go to the option Authorize SSH Host in the Control-M Configuration Manager (SSH) .  
      At Reauthorize SSH Host, select the hostname from the drop down list and click OK. 
      Now test the connection profile again to see if the probelm is resolved. 


    2. When an SFTP server hostname is actually a cluster or network load balancing alias, when connecting to that hostname you actually connect to a different physical host each time.  Use the Authorize SSH Hosts' "Cluster" option in this case.   
       
    • When you know the physical hostnames of the different nodes of the cluster, enter each of them in the physical hostname list, then click OK
    •  
    • When you do not know the physical hostnames of the different nodes of the cluster, add one physical hostname with the the virtual hostname or cluster alias, and use the Authorize SSH Hosts multiple times, enough times that it would have connected to each physical node and retrieved its fingerprint.
       

    Additional information:

    Control-M for File Transfer automatically stores the fingerprint for a new SFTP host when first connecting to it when testing a connection profile or submitting a job that uses this host. 

    Host keys (fingerprints) are stored in the known_hosts file in AFT's data directory: 
    UNIX/Linux:  ~/ctm/cm/AFT/data/known_hosts 
    Windows:  <AgentHome>\cm\AFT\data\known_hosts 

      

     


    Article Number:

    000143063


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles