RE: SFTP Arcana..... -- MIDRANGE-L

The known_hosts file is just a secondary security measure for your client. Since the key pair will remain intact just remove the old known_hosts entries and recreate them on the next valid connection using the new DNS. I would recommend doing this interactively so it would be easy to handle the prompt to check the authenticity for what will be a "new host". Just be sure the user ID is the same as the batch ID that's used to handle the transmission. Once this is done your batch SFTP process should continue without a hitch.

Oh, and it wouldn't hurt to copy the known_hosts file prior to removing the old entries.

Disclaimer: I have no affiliation with the Wells Fargo group you are communicating with. I am answering this question from and IBMi support prospective.

***********************************
Bradford Lovelady

Operating Systems Engineer
Technology Infrastructure Services

Wells Fargo Bank l 200 Wildwood Pkwy l Birmingham, AL 35209
MAC W2691-010
Tel 205-938-1999 l Cell 205-826-2834

brad.lovelady@xxxxxxxxxxxxxx

Wells Fargo Confidential

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of ALopez@xxxxxxxxxx
Sent: Wednesday, July 10, 2013 8:07 AM
To: midrange-l@xxxxxxxxxxxx
Subject: SFTP Arcana.....

We are currently using SFTP to communicate with Wells Fargo. Certificates are in place and the process is working. Wells Fargo has notified us of a pending change to their IP addresses, and advised that we use just their domain name and not their IP addresses.

When I look at the known_hosts file, I see that we have entries as
follows:

safetrans.wellsfargo.com,151.151.XX.XXX ssh-rsa longencyptionstring safetransvalidate.wellsfargo.com,151.151.XX.XXX ssh-rsa longencryptionstring 151.151.XX.XX ssh-rsa longencryptionstring

Is there a way for me to modify these entries with URLs to take out the IP addresses? I know that the system is able to resolve the URLs back to the IP addresses, which is what Wells Fargo advises. (Ping and Trace Route both resolve back to the correct addresses.) When I use green screen edit file to simply remove the IP address, the process stops working, possibly because deleting the address causes part of the encryption string to shift left, but leaves a gap within the encryption string. It doesn't help that my Google powers are failing me at finding a specification for the layout of this file.

Andrew  Lopez
Systems Analyst

Phone:   803-714-2037

Email: ALopez@xxxxxxxxxx
Please consider the environment before printing this e-mail.

This message and any attachments should be treated as proprietary to the sender and confidential to the identified recipients and should not be disclosed to or used by anyone other than the intended recipient unless pre arranged with the sender. If you are not an addressee of this communication, have received this e-mail by transmission error of the sender, recipient or due to another originator by an error in transmission, you are hereby notified that any disclosure, copying, use, distribution, or taking of any action in reliance on the contents of this information is prohibited. In any such event, please notify the sender immediately by contacting Spirax Sarco Inc., 803 714 2000 or reply to this e-mail and then delete it from your system. Spirax Sarco Inc.
accepts no responsibility for software viruses and all recipients should check for viruses before opening any attachments.