SSH Public Keys

English Support for Syncovery on Windows.
Efe_E
Posts: 12
Joined: Tue Mar 29, 2022 8:54 am

SSH Public Keys

Post by Efe_E »

We have a setup similar to the diagram below: two Linux servers with static hostnames, but with DNS A records that alternate between Production and Disaster Recovery every 6 months.
SSH Key Question.png
We use Syncovery to send files from a Windows Server to PRD-SVR. I've found that the last time we switched servers, the Syncovery transfers stopped because the SSH public keys it had expected to see had changed. In PuTTY if you do this, you get the below warning.
SSH Key Question 2.png
In PuTTY you can add multiple SSH Public Keys so PuTTY won't show those errors and will autoconnect as normal. Below is an example (The SSH Keys shown are randomly generated from a website - "8gwifi.org - Crypto Playground" so aren't used anywhere on my actual system.)
SSH Key Question 3.png
Is there a way to add public keys to Syncovery so when I tell a profile to connect to a server via a DNS name that will change, it won't pause the job?

tobias
Posts: 1670
Joined: Tue Mar 31, 2020 7:37 pm

Re: SSH Public Keys

Post by tobias »

Hello,
Yes, Syncovery will remember multiple SSH keys, but the best way is to connect to each server once and manually confirm the key.

The keys are stored in Syncovery.ini in the line
KnownSSHHosts=

The key hashes are comma separated, and the value string also starts with a comma.

The key hashes should be the same that PuTTY shows, but there are multiple different ones, such as MD5 and SHA1, so you need to compare and check which one Syncovery uses versus PuTTY if you want to add a key hash to Syncovery.ini manually.

In some cases it might also be OK to disable fingerprint checking by adding the line
AcceptAllSSHServers=1
to the [Main] section of Syncovery.ini.

But only if you can be sure that there will not be any man-in-the-middle attack (for example, if you are connecting directly to the server within a trusted network/VPN).
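Added example (not part of the original posts and not Syncovery code): a Python helper that takes a server's host public key, obtained out of band (for instance from /etc/ssh/ssh_host_*_key.pub on the server itself), computes its MD5, SHA-1 and SHA-256 fingerprints, and reports which form appears in a KnownSSHHosts= value. It assumes the entries are bare hashes in hex (with or without colons) or base64, since the thread does not state the exact format; the sample key is constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def _key_blob(pubkey_line):
    """Decode the base64 blob of '<algorithm> <base64> [comment]' and sanity-check it."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<algorithm> <base64-blob> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)  # raises ValueError if malformed
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the algorithm name.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("algorithm name does not match key blob")
    return blob

def fingerprints(pubkey_line):
    """Return each digest of the key blob in colon-hex and unpadded base64 form."""
    blob = _key_blob(pubkey_line)
    out = {}
    for name in ("md5", "sha1", "sha256"):
        digest = hashlib.new(name, blob).digest()
        out[name + "-hex"] = digest.hex(":")
        out[name + "-b64"] = base64.b64encode(digest).decode().rstrip("=")
    return out

def known_forms(known_value, pubkey_line):
    """List the fingerprint forms of this key found in a KnownSSHHosts value.

    Assumption: entries are comma separated bare hashes (the value may start
    with a comma); hex is compared ignoring case and colons, base64 exactly.
    """
    entries = {e.strip() for e in known_value.split(",") if e.strip()}
    hex_entries = {e.replace(":", "").lower() for e in entries}
    b64_entries = {e.rstrip("=") for e in entries}
    hits = []
    for form, fp in fingerprints(pubkey_line).items():
        if form.endswith("-hex") and fp.replace(":", "") in hex_entries:
            hits.append(form)
        elif form.endswith("-b64") and fp in b64_entries:
            hits.append(form)
    return hits

# Constructed sample key (not a real host key): ed25519 blob with dummy key bytes.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed-sample"
```

Running known_forms() against the current KnownSSHHosts value for a key Syncovery has already accepted shows which hash form to use when pre-adding the other server's key before a failover.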

Efe_E
Posts: 12
Joined: Tue Mar 29, 2022 8:54 am

Re: SSH Public Keys

Post by Efe_E »

Thanks for the detailed reply. I had a look and can see all the relevant SSH Fingerprints in the Syncovery file so when we plan our next failover it should all be fine.

I don't think the AcceptAllSSHServers=1 option is the most appropriate setting for our environment, but it's good to know it's there.

Thanks for your reply. It has helped me immensely.
