
How to configure Tectia Client/ConnectSecure to accept multiple SSH servers' identities per server address (mainly for cluster system access)?

asked Feb 02 '12 at 11:07

SSH KB ♦


Often you need to connect to a cluster system where the SSH server's identity information will change depending on which cluster node your Tectia Client connection ends up on at each connection attempt.

(Sometimes cluster nodes will share server identity information, and we will not encounter any server identity related problems.)

These cluster system connections however can be problematic if your SSH/SFTP client cannot accept multiple identities per server address (IP/FQDN), but luckily Tectia Client/ConnectSecure can handle these situations.

Tectia Client/ConnectSecure can be configured to accept multiple server identities per IP/FQDN/port, and here's how to do it:

Windows/Linux/Unix/zOS:

A) During initial connection setup when you will see the server authentication prompt, instead of blindly accepting the server's identity information, please check that the fingerprint information is really correct(!). After you are certain that the fingerprint information is correct, you can then select an option from the Tectia Client's/ConnectSecure's menu screen which will then store the SSH server's identity information for future use.

[Screenshot: Windows]

[Screenshot: Linux/Unix/zOS]

B) In this special case when there is a cluster system and the identity information can change on each and every connection attempt, we will need to connect multiple times to the cluster system in order to store identity information from multiple cluster nodes (we need to connect multiple times in a row or we can append information manually into the hashed hostkey file).

So, after the very first fingerprint checking phase, during subsequent connections to the same cluster system, Tectia Client/ConnectSecure offers you an additional menu item during the server authentication phase (=fingerprint checking) which then allows you to store multiple identities per server address.

This option can be really handy, and can be seen below:

[Screenshot: Windows]

[Screenshot: Linux/Unix/zOS]


You can also do the whole process manually without GUI by somehow collecting all cluster nodes' public hostkey files (i.e. hostkey.pub files) and by appending those files then into the hashed hostkey file.

A) Connect once to the cluster node to create the hashed hostkey file + check fingerprint information + accept fingerprint information if it is correct.


B) After you have stored the very first public hostkey file, you can use command line tools to find out what is the file name, and after you have found the file name, you can append other .pub hostkey files into the file.

An example can be seen below:

  • Linux/Unix/zOS instructions follow the same principle

[Screenshot]

After appending .pub hostkey files into the hashed hostkey file, you will not encounter the fingerprint prompt anymore (if the information doesn't change and is correct).




Hopefully this helps! Sometimes we need to use special tricks :D

--SamiM


answered Feb 02 '12 at 13:32


Sami Marttinen ♦
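The manual append step with the fingerprint check automated, as an added example that is not part of the original answer and not Tectia's own tooling: each collected .pub file is appended only if its key fingerprint is in a set verified out of band, and keys already stored are skipped. It assumes the .pub files use the RFC 4716 (SECSH) public key format and that the stored-key file is a plain concatenation of such blocks, as the answer describes; the function names, the `hostkey_store` file name, and the SHA-256 fingerprint form are hypothetical choices made for this example.

```python
import base64, hashlib, tempfile
from pathlib import Path
BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def key_blobs(text):
    """Yield decoded key blobs of RFC 4716 blocks (assumed .pub format)."""
    b64, inside, cont = [], False, False
    for line in map(str.strip, text.splitlines()):
        if line == BEGIN:
            b64, inside, cont = [], True, False
        elif inside and line == END:
            inside = False
            yield base64.b64decode("".join(b64), validate=True)
        elif inside:
            header = cont or ":" in line           # base64 never contains ':'
            cont = header and line.endswith("\\")  # header continues on next line
            if not header:
                b64.append(line)

def fingerprint(blob):
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def append_verified(pub_paths, store_path, trusted):
    """Append trusted, not-yet-stored keys; return (appended, rejected) paths."""
    store = Path(store_path).read_text()
    stored = {fingerprint(b) for b in key_blobs(store)}
    appended, rejected = [], []
    for path in pub_paths:
        text = Path(path).read_text()
        fps = [fingerprint(b) for b in key_blobs(text)]
        if len(fps) != 1 or fps[0] not in trusted:
            rejected.append(path)                  # unverified key: never store it
        elif fps[0] not in stored:
            sep = "\n" if store and not store.endswith("\n") else ""
            with open(store_path, "a") as out:     # keep END/BEGIN on separate lines
                out.write(sep + text.strip() + "\n")
            store, stored = store + "\n", stored | {fps[0]}
            appended.append(path)
    return appended, rejected

def demo():
    """Constructed keys: node1 already stored, node2 trusted, node3 unknown."""
    blobs = [b"\x00\x00\x00\x07ssh-rsa" + bytes([n]) * 64 for n in (1, 2, 3)]
    pub = lambda b: f'{BEGIN}\nComment: "x"\n{base64.b64encode(b).decode()}\n{END}\n'
    d = Path(tempfile.mkdtemp())
    paths = [d / f"node{n}.pub" for n in (1, 2, 3)]
    store = d / "hostkey_store"  # placeholder, not Tectia's real file name
    for p, b in zip([store] + paths, blobs[:1] + blobs):
        p.write_text(pub(b))
    return append_verified(paths, store, {fingerprint(b) for b in blobs[:2]}), store
```

A file in the rejected list is a host key nobody has vouched for and should be investigated rather than added.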
All user contributed content licensed under the cc-by-sa license.