I have to connect in an automated manner to a large number of servers using certificate authentication, using a certificate that has been deployed at server build time. My issue is that when I use batch mode -B, any server that would prompt for acceptance of the server's public key will fail. I need an automated way of accepting a server's public key, either at the command line or in a configuration file. I am not too familiar with the Tectia config files, so an example of a complete (albeit simple) config file to do this would be appreciated!!! I am using Tectia 6.0.XXXX
I managed to solve this issue. Here is the solution: in the ssh-broker-config.xml file, the general section must contain these parameters:
As far as I know, there is no automated way to accept host keys when connecting for the first time. What you need to do is connect once to each server and manually accept the server's public key by opting to "save" the key when prompted. This will copy the public key for the host to a secure location on the client for future reference.
You will not be prompted to accept the key again unless the host changes keys.
answered Jul 29 '10 at 22:04
Hello, you are correct, Tectia Client 5.x/6.0/6.1 have their ssh-broker-config.xml files, where you can tweak server authentication settings.
Tectia Client usually reads its configuration files from these locations:
For example: C:\Documents and Settings\samim\Application Data\SSH\ssh-broker-config.xml
IBM z/OS (6.0/6.1):
NOTE: The server authentication step is a vital part of security and it is not recommended that you disable it!
If you have a large server environment, then I recommend that you use X509v3 certificates instead of plain public key files, as then you do not have this "fingerprint check" issue anymore (e.g. even though you will add a brand new server to your network). Tectia supports X509v3 certificates in server and in user authentication steps (including certificate revocation checking via OCSP service or via CRL files).
answered Sep 01 '10 at 12:10
Sami Marttinen ♦
We are using SSH Tectia client v6.1.7 on the Windows platform and I don't see a file "ssh-broker-config.xml" at the following locations
Am I missing something?
Appreciate any pointers.
User specific: %USERPROFILE%\Application Data\SSH\ssh-broker-config.xml
For example: C:\Documents and Settings\samim\Application Data\SSH\ssh-broker-config.xml
System wide (if default installation location in use): C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Broker\ssh-broker-config.xml
answered Jul 15 '12 at 15:57