Share via

Resolving Remote Host Identification Changes for SFTP on Azure Blob Storage

Abdul 2,540 Reputation points Microsoft Vendor
2024-07-31T10:00:15.6166667+00:00

Why am I receiving a "REMOTE HOST IDENTIFICATION HAS CHANGED" warning during SFTP login to Azure Blob Storage, and how can I resolve it?

 "PS - Based on common issues that we have seen from customers and other sources, we are posting these questions to help the Azure community."

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,855 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Abdul 2,540 Reputation points Microsoft Vendor
    2024-07-31T10:02:54.03+00:00

    Greetings!

    The "REMOTE HOST IDENTIFICATION HAS CHANGED" warning occurs because the host keys on the Azure Blob Storage SFTP server have been rotated. This can happen periodically for security reasons. The warning message is a security feature to alert you to potential man-in-the-middle attacks or legitimate host key changes.

    To resolve this issue, you need to trust the new host keys presented by the SFTP server. Here are the steps to follow:

    1. Identify the New Key: When you see the warning message, it indicates that the host key has changed. You need to compare the new key's fingerprint with the one documented in Azure's official documentation.
    2. Accept the New Key: Depending on your SFTP client:
      • WinSCP: When prompted to accept the new key, compare the fingerprint with the one in the documentation. If it matches, accept the key, and WinSCP will add it to its cache for future connections.
      • Other Clients: If the client does not prompt you to accept the new key, you will need to manually add the new host key to the list of trusted hosts. This can usually be done by updating the known_hosts file, modifying the Windows registry key, or setting an environment variable for library-based clients.
    3. Verify the Key: Ensure the new host key matches the one provided in Azure's documentation to avoid accepting a potentially malicious key.

    For more detailed information on handling host key rotations and managing trusted hosts, refer to the Azure documentation: [Host keys for SFTP support for Azure Blob Storage](https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-host-keys

    ).

    Hope this helps. If you have any follow-up questions, please let me know. I would be happy to help.

    Please do not forget to "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.