If you're experiencing connection issues with your data feed from your ERP to Catalyst on Azure Blob Storage SFTP and have received a warning about a changed host key, follow the steps below to address the problem.
This page contains the following topics:
- Description of the possible issue
- Possible warning message
- Solution and background information
- Troubleshooting tips
Issue Description
You've encountered a warning message indicating a remote host identification change, and the connection to your data feed on Azure Blob Storage SFTP has failed. This could potentially be a security concern, and it's crucial to take immediate action to investigate and resolve the issue.
Warning Message Received
Example below:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:s/examplestring
Please contact your system administrator.
Add correct host key in /HOME/SSHUSER5/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /HOME/SSHUSER5/.ssh/known_hosts:1
ECDSA host key for customerstorageprod.blob.core.windows.net has changed and you have requested strict checking.
Host key verification failed.
Connection closed.
Solution
To resolve this issue and regain access to Azure Blob Storage, you need to reset your host key. Follow the steps below:
- Visit the Azure Documentation: Navigate to the Azure documentation on Secure File Transfer Protocol Host Keys for detailed information on valid host keys.
- Read About Valid Host Keys: Understand the list of valid host keys used to connect to Azure Blob Storage from SFTP clients. The documentation provides insights into Blob Storage support for SFTP and how to securely connect.
- Frequently Asked Questions: Review the frequently asked questions section to get more clarity on SSH host keys, their purpose, and recommended actions for clients.
- Add the New Host Key: Follow the guidelines provided in the documentation to add the new host key to your list of trusted hosts. The steps may vary depending on the SFTP client you are using.
- Host Key Rotation: Keep in mind that host key rotations are gradual and may take multiple days. Either the old or new host key may be presented during this transition period.
- Strict Host Key Verification: It is not recommended to disable strict host key verification. Verifying the host key presented during connection is crucial to protect against potential Man-In-The-Middle (MITM) attacks.
Troubleshooting
To address any connection issues, we recommend the following steps:
- Delete the Known Host File: Start by deleting the known host file associated with your SFTP connection.
- Attempt Connection: After deleting the known host file, try to establish the SFTP connection again. During this process, the system will prompt you to validate the new host key.
- Confirm New Host Validity: Upon connection attempt, confirm that the new host key is valid by selecting 'yes' when prompted.
- Password Prompt: If the original key authentication failed during host validation, you might encounter a password prompt. This is expected behavior due to the change in host keys.
- Initiate New Session with Key Pair: Close the current session and initiate a new session using the existing key pair but with the updated host file. This should enable seamless functionality moving forward.
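One way to carry out the "Confirm New Host Validity" step before answering 'yes': compute the SHA256 fingerprint of the key the server presents and accept it only if it appears in the list of valid host keys from the Azure documentation. This is an added example, not code from this article or from Azure; the key lines and the PUBLISHED set are constructed stand-ins, and PUBLISHED holds two entries because either the old or the new key may be presented during a rotation.

```python
import base64
import hashlib
import struct

HOST = "customerstorageprod.blob.core.windows.net"  # host name from the warning above


def _ssh_string(data):
    """Length-prefixed field, as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def fingerprint(key_line):
    """Return the 'SHA256:...' fingerprint for one 'host keytype base64' line."""
    _host, key_type, b64 = key_line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with its own key-type field; it must agree with the text.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type label does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the base64 digest without '=' padding.
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def check_host_key(key_line, published):
    """True only if the presented key is in the published fingerprint list."""
    return fingerprint(key_line) in published


def constructed_key_line(seed):
    """Build a syntactically valid ECDSA key line from constructed bytes."""
    point = b"\x04" + hashlib.sha256(seed).digest() * 2  # 65 bytes, not a real key
    blob = (_ssh_string(b"ecdsa-sha2-nistp256") + _ssh_string(b"nistp256")
            + _ssh_string(point))
    return "%s ecdsa-sha2-nistp256 %s" % (HOST, base64.b64encode(blob).decode("ascii"))


# Constructed sample data. In practice each line comes from
# `ssh-keyscan -t ecdsa <host>` and PUBLISHED is copied from the Azure docs.
OLD_LINE = constructed_key_line(b"old host key")
NEW_LINE = constructed_key_line(b"new host key")
UNKNOWN_LINE = constructed_key_line(b"unexpected key")
PUBLISHED = {fingerprint(OLD_LINE), fingerprint(NEW_LINE)}  # both valid during rotation

if __name__ == "__main__":
    for name, line in [("old", OLD_LINE), ("new", NEW_LINE), ("unknown", UNKNOWN_LINE)]:
        verdict = "accept" if check_host_key(line, PUBLISHED) else "REJECT"
        print(name, fingerprint(line), verdict)
```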
By following these steps and ensuring your documentation reflects these changes, you should be able to successfully resolve the issue and maintain smooth SFTP connections.
By following these steps, you should be able to reset your host key and establish a secure connection to Azure Blob Storage via SFTP. If you encounter any further issues, please contact Azure support for additional assistance.