SSH

Replacing Host Public Key on Client-Side

For file transfer scripts and other non-interactive users, the public host key must be replaced on the client side when the client does not support host key rotation, for example for file transfer jobs originating from Tectia SSH Server on IBM z/OS.

After the host key change, client-side tools that obtain the current host key from the server, such as Tectia ssh-broker-ctl probe-key or ssh-keyfetch, can be used. The following command shows the keys stored for the server in the local host key store(s):

ssh-keygen-g3 -F host_id

where host_id is hostname or address#port, e.g. serverhost

z/OS Example

Verify the fingerprint automatically and replace the key, for example with Tectia SSH Server version 6.6.9 on z/OS:

ssh-broker-ctl probe-key --hostkey-fp=expected-fingerprint \
--save-hostkey serverhost

The ssh-keyfetch tool can be used with Tectia SSH Server version 6.6.8 and below on IBM z/OS.
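
The probe-key step above applied to several servers at once, as an added example that is not part of the Tectia documentation. The inventory, the placeholder fingerprints, the function names and the APPLY switch are assumptions, as is probe-key returning a non-zero status when the fingerprint does not match.

```shell
#!/bin/sh
# Added example (not vendor code): replace host keys only where an expected
# fingerprint, obtained out of band, is on file for the server.

# Constructed inventory: "host_id expected-fingerprint". Placeholder values.
INVENTORY='serverhost FP-PLACEHOLDER-1
10.0.0.5#2222 FP-PLACEHOLDER-2
backuphost
bad;host FP-PLACEHOLDER-3'

# host_id is "hostname" or "address#port", the form used with -F on this page.
valid_host_id() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9._:-]+(#[0-9]{1,5})?$'
}

# Assumption: fingerprints use only these characters (hex, babble, base64).
valid_fp() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9:+/=-]+$'
}

# Reads the inventory on stdin and prints one RUN or SKIP line per entry.
# With APPLY=1 the command is executed instead of printed.
# Returns 1 if any entry was skipped or any command failed.
rotate_hostkeys() {
    rc=0
    while read -r host fp extra; do
        if [ -z "$host" ]; then continue; fi
        if ! valid_host_id "$host" || [ -n "$extra" ]; then
            echo "SKIP $host: malformed entry"; rc=1; continue
        fi
        if [ -z "$fp" ] || ! valid_fp "$fp"; then
            echo "SKIP $host: no usable expected fingerprint"; rc=1; continue
        fi
        if [ "${APPLY:-0}" = 1 ]; then
            # Assumption: probe-key exits non-zero on a fingerprint mismatch.
            if ssh-broker-ctl probe-key "--hostkey-fp=$fp" \
                   --save-hostkey "$host" </dev/null; then
                ssh-keygen-g3 -F "$host" </dev/null   # show what is now stored
            else
                echo "FAIL $host: probe-key did not save the key"; rc=1
            fi
        else
            echo "RUN ssh-broker-ctl probe-key --hostkey-fp=$fp --save-hostkey $host"
        fi
    done
    return "$rc"
}

printf '%s\n' "$INVENTORY" | rotate_hostkeys || echo "some entries need attention"
```

The default is a dry run that only prints the commands. An entry without a fingerprint is skipped rather than fetched and trusted blindly.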

Windows Tectia Client Example

Replace the key in hashed format and verify the fingerprint manually from the output:

ssh-keyfetch --append=no -a -f hashed serverhost