Tectia ConnectSecure also supports the OpenSSH-style known_hosts file, which contains the public key data of known server hosts. By default, the file is read from its default locations: the user-specific file $HOME/.ssh/known_hosts or the system-wide file /etc/ssh/ssh_known_hosts. Both hashed and plain-format host keys are supported.
If you wish to use other files for the known host keys, you can specify them in the Connection Broker configuration file ssh-broker-config.xml by using the known-hosts element. Several file locations can be defined to be checked for known host keys, and the Connection Broker reads them in the order they are defined in the ssh-broker-config.xml file. Because the configuration file settings override the default behavior, you must also define the default locations of the OpenSSH-style known_hosts file if you want them all to be read. For example:
  <general>
    ...
    <known-hosts path="/home/username/.ssh/known_hosts" />
    <known-hosts path="/etc/ssh/ssh_known_hosts" />
    <known-hosts path="/home/.ssh2/hostkeys" />
    <known-hosts path="/u/username/.ssh2/hostkeys" />
  </general>
You can disable OpenSSH known_hosts file handling by defining an empty setting: known-hosts path="". After this, only the Tectia-related hostkey directories will be used.
The OpenSSH known_hosts file is never automatically updated by Tectia ConnectSecure. New host keys are always stored in the Tectia $HOME/.ssh2/hostkeys directory or in the directory configured as the last one in ssh-broker-config.xml. See known-hosts for details.
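To check which pinned key a given server would match in the hashed and plain-format entries described above, the following added example (not Tectia code, and not a description of how the Connection Broker is implemented) looks a host up across OpenSSH-style known_hosts files in their configured order. The function names, the host names and the placeholder key blobs are constructed for illustration; the hashed form is the standard OpenSSH one, |1|salt|HMAC-SHA1(salt, host).

```python
import base64, hashlib, hmac, re

def hash_host(host, salt):
    """Build an OpenSSH hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def glob_match(pat, host):
    """Match '*' and '?' wildcards only, so '[host]:port' entries stay literal."""
    rx = re.escape(pat).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host) is not None

def host_matches(field, host):
    """True if a known_hosts host field (hashed or plain) covers host."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt, want = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        except ValueError:
            return False  # malformed hashed entry: never treat it as a match
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    matched = False
    for pat in field.split(","):  # plain form: comma-separated list, '!' negates
        if glob_match(pat.lstrip("!").lower(), host):
            if pat.startswith("!"):
                return False  # a negated pattern vetoes the whole entry
            matched = True
    return matched

def lookup(files, host):
    """files: [(path, text), ...] in configured order; returns every matching entry."""
    host, hits = host.lower(), []
    for path, text in files:
        for line in text.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            marker = parts.pop(0) if parts[0].startswith("@") else ""
            if len(parts) >= 3 and host_matches(parts[0], host):
                hits.append((path, marker, parts[1], parts[2]))
    return hits

# Constructed sample data; the key blobs are placeholders, not real keys.
USER_FILE = hash_host("build01.example.com", b"0123456789abcdefghij") + " ssh-ed25519 AAAAC3PLACEHOLDERuser\n"
SYSTEM_FILE = ("# system-wide entries\n"
               "*.example.com,!legacy.example.com ssh-rsa AAAAB3PLACEHOLDERsys\n")
FILES = [("/home/username/.ssh/known_hosts", USER_FILE),
         ("/etc/ssh/ssh_known_hosts", SYSTEM_FILE)]
```

A host that appears in more than one file with different key blobs for the same key type is worth reviewing, since the entry that takes effect depends on the order in which the files are read.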