Your browser does not allow storing cookies. We recommend enabling them.


Storing Remote Server Host Keys

When opening the transparent tunnel or an SFTP session with FTP-SFTP conversion, accepting new or changed server host keys cannot be prompted from the user. In addition, transparent FTP tunneling and FTP-SFTP conversion always use the IP address of the Secure Shell server when opening the secure tunnel. This means that the host keys of the Secure Shell tunneling servers must be stored beforehand based on the IP addresses of the servers.

The keys can be stored by connecting to each host individually with the IP address of the host using an interactive shell and accepting the host keys one by one, or by using the ssh-keydist-g3 key distribution tool. More information and examples on storing remote server keys can be found in Tectia Server 6.5 for IBM z/OS User Manual.

Disabling Host Key Check

As an alternative to storing the remote server host keys, it is possible to disable the host key checking entirely. To do this, set the auth-server-publickey element's policy attribute to "advisory" in the ssh-socks-proxy-config.xml file. In the following example the auth-server-publickey element is defined under default settings (default-settings/server-authentication-methods). It can also be defined per connection profile (under profiles/profile/server-authentication-methods).

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE secsh-broker SYSTEM 
<secsh-broker version="6.4" >

      <auth-server-publickey policy="advisory" />


Consider carefully before setting the policy to advisory. Disabling the host key checks makes you vulnerable to man-in-the-middle attacks.

For more information on the host key policy settings, see Appendix Connection Broker and SOCKS Proxy Configuration Files in Tectia Server 6.5 for IBM z/OS User Manual.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more