Change the DefaultDomain keyword in the ssh2_config file to reflect your fully qualified domain:
Setting this is mandatory if the HostbasedAuthForceClientHostnameDNSMatch keyword in the sshd2_config file on Server has been set to yes. But even if HostbasedAuthForceClientHostnameDNSMatch is not used, the DefaultDomain keyword is useful, for example, on AIX and Solaris, which report only the short hostname by default.
It is possible to use a certificate instead of the traditional public-key pair to authenticate the client host.
To enable host-based authentication with certificates on the client, do the following steps as ClientUser:
Add the following line in the /etc/ssh2/ssh2_config file:
Enroll a certificate for client. See User Authentication with Certificates for more information. The certificate must contain a dns extension which contains the fully qualified domain name (FQDN) of client. Note that the private key associated with the certificate needs to be stored with an empty passphrase.
Define the private key and certificate in sshd2_config on client: