|
The first time you connect to an SSH server it asks you to validate their
host key (sftp is just a special use of an SSH server). This validates
that the server is who you think it is. Once you've accepted the key
fingerprint, it will be saved in /home/user/.ssh/known_hosts and you won't
get asked again.
The problem is that when using sftp from QSH/QP2TERM there is no way for
it to ask you to validate the key (since there's no TTY environment) and
so it doesn't even try and just says that it can't validate it ("Host key
verification failed").
You have a couple options to fix it:
- request the host key fingerprint from your partner and add it to
/home/user/.ssh/known_hosts manually. The fingerprint will look something
like:
example.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEApkxN82QhSqYFD... (this
string is usually really long)
You need to ensure that the file is in ASCII and uses Unix line endings
(LF, not CRLF).
- connect once with ssh instead of sftp and accept the fingerprint:
ssh -T example.com
The authenticity of host 'example.com (9.5.67.117)' can't be established.
ECDSA key fingerprint is
SHA256:5BYrcHeU+0QXkDqor8bfH+M7AbZz4a33ViCbE6G906M.
Are you sure you want to continue connecting (yes/no)?
Once you say yes, it will be stored in /home/user/.ssh/known_hosts. Note
that you don't actually have to succeed in connecting, just answer yes to
the prompt.
- use ssh-keyscan to automatically add the fingerprints to
/home/user/.ssh/known_hosts:
ssh-keyscan example.com >> /home/user/.ssh/known_hosts
Note that you should run these commands from QP2TERM. When run from QSH,
it will not be able to find the commands unless you add /QOpenSys/usr/bin
to the $PATH environment variable. Also, you could end up with EBCDIC data
in known_hosts if it doesn't already exist, which will cause ssh to fail.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.