Owner's Manual
92 Security
• Enabling Strict Host Key Checking
• Populating the SSH known_hosts File
• Troubleshooting SSH
• SSH HostKey Errors
Enabling Strict Host Key Checking
To enable strict host key checking you need to configure a host entry in the SSH configuration file
setting
StrictHostKeyChecking
to yes. The default SSH configuration file located in
$OWARE_USER_ROOT/owareapps/ezmediation/lib/default_ssh_config
. Make a
copy of this file, renaming it to
ssh_config
. In the copied file set the property
StrictHostKeyChecking
to
yes
for example.
Host *
StrictHostKeyChecking yes
To specify settings for a specific host the entry would look something like
Host 192.168.1.118
StrictHostKeyChecking yes
Comments at beginning of configuration file describe other options.
You must do this change on each mediation server and on each application server if they are
providing mediation services.
Once you have enabled strict host key checking you may see an error dialog that indicates host key
rejection. (Message:
SSH Host Key rejected for [user] against [host IP
address] using SSH v2
) This indicates that you need to update your
known_hosts
file.
Populating the SSH known_hosts File
The
known_hosts
file is in the installation directory at
~/.ssh/known_hosts
(On Linux, that
is the OpenManage Network Manager running user's home directory (for example
/root
or
/
export/home/username.
On Windows it is the same as
$OWARE_USER_ROOT
). If you
enable strict host key checking you must make sure that this file has all the host keys for all devices
you plan to manage that support SSHv2.
One way to populate the
known_hosts
file is to connect to each device on the command line in a
way that it will add a host entry to the
known_hosts
file. Below is an example session on
Windows.
C:\Dell>oware