We have been using Co:z SFTP with Coz: Batch for a few years. We are always connecting as an ssh client as we are not using sshd server at this time. I noticed that for every connection to every server I noticed that the RSA cert is added to the know hosts file. So there are many, many of the same RSA certs for each server in the know hosts file. I thought once a certificate was added for a server that is the certificate that would be used on the next connection? Is this normal or do I have something set up wrong?
Thanks Matt
Known Host file additions
Re: Known Host file additions
Unless you have misconfigured something, your $HOME/.ssh/known_hosts file should not include multiple RSA public keys for the same host.
Re: Known Host file additions
Any idea what would cause this to happen?
Re: Known Host file additions
Note: the known_hosts file is a file used by IBM z/OS OpenSSH (or Ported Tools OpenSSH, depending on your version), and not Co:Z SFTP
Are you saying that if you start with an empty file and then connect twice to the same host, that you will get the key added twice?
Do you see duplicate lines in known_hosts - the exact same hostname/ipaddr and key?
Are you specifying the StrictHostKeyChecking option on your command line or in your /etc/ssh/ssh_config or $HOME/.ssh/config files ?
(this is an OpenSSH option)
Are you saying that if you start with an empty file and then connect twice to the same host, that you will get the key added twice?
Do you see duplicate lines in known_hosts - the exact same hostname/ipaddr and key?
Are you specifying the StrictHostKeyChecking option on your command line or in your /etc/ssh/ssh_config or $HOME/.ssh/config files ?
(this is an OpenSSH option)
Re: Known Host file additions
Are you saying that if you start with an empty file and then connect twice to the same host, that you will get the key added twice? yes I do.
Do you see duplicate lines in known_hosts - the exact same hostname/ipaddr and key? yes I do.
Are you specifying the StrictHostKeyChecking option on your command line or in your /etc/ssh/ssh_config or $HOME/.ssh/config files ? No, that option is commented out.
Thanks
Do you see duplicate lines in known_hosts - the exact same hostname/ipaddr and key? yes I do.
Are you specifying the StrictHostKeyChecking option on your command line or in your /etc/ssh/ssh_config or $HOME/.ssh/config files ? No, that option is commented out.
Thanks
Re: Known Host file additions
Do this under a z/OS shell (with the userid that you are using):
cd $HOME/.ssh
ls -al
And then remove (back up) your known_hosts:
cd $HOME/.ssh
mv known_hosts known_hosts.bak
and then run (2) connections to the same host with "-vvv" ssh options and save the job output.
do this:
cd $HOME/.ssh
ls -al
cat known_hosts
Please collect all of this information and send to info@dovetail.com
cd $HOME/.ssh
ls -al
And then remove (back up) your known_hosts:
cd $HOME/.ssh
mv known_hosts known_hosts.bak
and then run (2) connections to the same host with "-vvv" ssh options and save the job output.
do this:
cd $HOME/.ssh
ls -al
cat known_hosts
Please collect all of this information and send to info@dovetail.com