Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Host Key Distribution Process

This section gives more technical details on host key distribution.

Host key distribution is based on the host name determined by the Management Agent (see Hostname Resolution Mechanism), and the default Secure Shell port 22. Secure Shell clients should connect using a short or long hostname instead of an IP address.

Only the default server identity (/etc/ssh2/hostkey) is supported in host key distribution.

If a host key pair is regenerated or deleted, the public host key on all managed hosts is updated automatically, and a Notice level message "Host key changed on <hostname>" is displayed in the event log.

The Management Agent checks the host key for changes on the managed host every five minutes and for host key updates from the Management Server every five minutes. So if all goes well, it takes 10 minutes for a changed host key to be distributed back to the originating host. The time can be longer or even shorter for the other hosts in the environment.

If the host key update for a host fails, the Management Server will retry the update once per hour, assuming the host is connected. Disconnected hosts will receive updates once connected. The next update time is displayed on the Host key distribution page of the host. The update can also be done manually by clicking the Retry host key distribution now button. It will only send information on keys that need to be updated.

All host keys in the managed environment can be resent anytime to a host from the Host key distribution page by clicking the Resend all host keys to this host button. This will always send all host keys of the environment to the host.

If host key distribution is not supported for the Secure Shell product or version, it is displayed on the Host key distribution page of the host, and the event log contains an Informational-level message, such as "SSH Secure Shell Server 3.0.0 on <hostname> not supported for host key updates".


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more