Windows 2022 OpenSSH "Unable to Verify Remote Host"

rr-4098 2,051 Reputation points
2023-06-05T19:22:54.68+00:00

I have set up OpenSSH on my Windows 2022 server and can ssh to a target server using key authentication. The problem is I can only do so if I type "yes" to accept the connection, since it cannot verify the remote host. I believe this may be a result of the fact that the person who created the keys only used the short name of the host and not the FQDN. Anyway, it would be hard to change the keys now since they are using them in their code... I know, no comment. Anyway, I tried adding the key to the known_hosts file but no luck. Is there a host-wide file for this instead of per user? I did confirm that using `ssh -o 'StrictHostKeyChecking no'` works, but I would rather not use it if I can avoid it.


3 answers

  1. Limitless Technology 44,766 Reputation points
    2023-06-06T09:33:04.3866667+00:00
    Hello rr-4098,
    
    Thank you for your question and for reaching out with your question today.
    
    Yes, there is a host-wide file for storing known hosts information in OpenSSH on Windows. It is located at `%ProgramData%\ssh\ssh_known_hosts`. This file is used to store the keys of known hosts that are trusted by all users on the system.
    
    To add the key of the target server to the host-wide known hosts file, you can follow these steps:
    
    1. Open a Command Prompt with administrative privileges.
    2. Run the following command to add the key to the known hosts file:

       ```
       ssh-keyscan -H -t rsa <target-server-ip-or-hostname> >> %ProgramData%\ssh\ssh_known_hosts
       ```

       Replace `<target-server-ip-or-hostname>` with the IP address or hostname of the target server.
    3. Type "yes" and press Enter when prompted to add the key to the file.
    4. The key for the target server should now be added to the host-wide known hosts file, and subsequent SSH connections to that server should not prompt for verification.
    
    Note that you may need to restart the SSH service (`sshd`) for the changes to take effect.
    
    By adding the key to the host-wide known hosts file, all users on the system should be able to connect to the target server without encountering the verification prompt.
    
    If the reply was helpful, please don’t forget to upvote or accept as answer.
    
    Best regards.
    

  2. rr-4098 2,051 Reputation points
    2023-06-06T14:16:05.59+00:00

    I ran the command stated, which completed successfully, and I am no longer getting a prompt with the "unable to verify remote host" message, but other users are. I am restarting the SSHd services now to see if it will help.


  3. rr-4098 2,051 Reputation points
    2023-06-07T13:21:40.46+00:00

    Restarting the SSH services on both servers did not help.

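Added example, not part of the thread and not code from any poster: a known_hosts entry only matches the exact name given on the `ssh` command line, and `ssh-keyscan -H` stores that name as a salted HMAC-SHA1 hash, so a file built from the short name does not cover the FQDN (the distinction raised in the question). The sketch below reports which names a known_hosts file covers; the host names, salt and key blobs are constructed placeholders.

```python
import base64, hashlib, hmac, re

def hash_name(name: str, salt: bytes) -> str:
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def field_matches(field: str, name: str) -> bool:
    """True if a known_hosts host field covers `name` exactly as passed to ssh."""
    if field.startswith("|1|"):                      # hashed entry (ssh-keyscan -H)
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    hit = False
    for pat in field.split(","):                     # plain entry: pattern list
        rx = re.escape(pat.lstrip("!")).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, name):
            if pat.startswith("!"):                  # a negated match always loses
                return False
            hit = True
    return hit

def covered(known_hosts: str, names):
    """Map each name to the key types of the lines that match it."""
    result = {n: [] for n in names}
    for line in known_hosts.splitlines():
        parts = line.split()
        # Skip blanks, comments, and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        for n in names:
            if field_matches(parts[0], n):
                result[n].append(parts[1])
    return result

# Constructed sample file: host names, salt and key blobs are made up.
SAMPLE = "\n".join([
    "# hashed entry created from the short name only",
    hash_name("appsrv01", b"constructed-salt-20b") + " ssh-rsa AAAAconstructedKeyBlob1",
    "buildhost,buildhost.corp.example ssh-ed25519 AAAAconstructedKeyBlob2",
])

if __name__ == "__main__":
    for name, types in covered(SAMPLE, ["appsrv01", "appsrv01.corp.example"]).items():
        print(f"{name:24} {'matched: ' + ', '.join(types) if types else 'NOT in file'}")
```

To check a real file, pass the contents of `%ProgramData%\ssh\ssh_known_hosts` and the names users actually type; `ssh-keygen -F <name> -f <file>` performs the same lookup with OpenSSH itself.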
