Unknown Host Key

Updated 2 months ago by James Dunn

The host key is 4096 bits long, which may be too large for some older FTP clients. Ensure that you are using a version of your SFTP client (or client library) that the vendor currently supports.

In 2020, we upgraded our encryption keys to 4096-bit RSA. You should see one of the following SSH host key fingerprints:

SHA256:npYmj8dqQjp3XqH1VVlOSjW2CbcSrt43bXDMzNXkKxs MD5:8e:15:c8:81:c2:1f:23:a2:64:82:76:40:8c:12:58:40
SHA256:g+kpwxVcKZAqFFbwpG/c44yACwMzzEENQlKN4EzQRO4 MD5:b8:65:5e:f5:e0:9f:0d:83:9e:3d:da:b0:fb:12:b0:68

SFTP Graphical Interface (GUI)

If you received a warning in your SFTP client about an "Unknown host key", verify it matches one of the above, check the checkbox to save the key, and click OK. Then resume normal use.

SFTP Command Line (CLI)

If you use a command line SFTP client, you may receive the warning below. To acknowledge and accept our new security key, type yes when you have verified the key fingerprint matches one of the above.

Automations

If you use scripts to automate your file transfers, you may need to manually intervene by logging in once on the system running your scripts and accepting the new host key:

  1. Open the Terminal/Shell/Command Prompt and attempt to make an SSH connection.
    1. ssh <server address>
  2. You should be prompted about the host key (shown above). Type yes and press Enter/Return.
  3. Press Ctrl-C to break out.
    Shell access is not permitted for security, but SFTP is.
  4. Now try your SFTP connection again.
    1. sftp username@<server address>
  5. If this does not work, you will need to manually edit the known_hosts file, which is typically found in your home folder on the local machine at ~/.ssh/known_hosts
    Use Ctrl-F to search for your Server Address and remove the corresponding line(s) from the file.

Some command line SFTP clients have an option to supply the host key fingerprint as a parameter.
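For unattended scripts, the fingerprint check can be done in code before a key is written to known_hosts. The following is an added example, not part of the original article: it computes the SHA256 and MD5 fingerprints of lines in "host keytype base64" form (the format of known_hosts entries and of ssh-keyscan output) and keeps only those matching the fingerprints published above. The host name sftp.example.com and the sample key are constructed placeholders.

```python
import base64
import hashlib
import struct

# SHA256 fingerprints published on this page.
PINNED = {
    "SHA256:npYmj8dqQjp3XqH1VVlOSjW2CbcSrt43bXDMzNXkKxs",
    "SHA256:g+kpwxVcKZAqFFbwpG/c44yACwMzzEENQlKN4EzQRO4",
}

def fingerprints(line):
    """Return (sha256, md5) fingerprints for a 'host keytype base64' line."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    keytype = fields[1]
    blob = base64.b64decode(fields[2], validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject
    # lines where it disagrees with the declared type (edited or corrupt).
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    hexmd5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    md5 = ":".join(hexmd5[i:i + 2] for i in range(0, 32, 2))
    return "SHA256:" + sha, "MD5:" + md5

def trusted_lines(scan_output, pinned=PINNED):
    """Return only the scanned lines whose SHA256 fingerprint is pinned."""
    keep = []
    for line in scan_output.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        try:
            sha, _ = fingerprints(line)
        except ValueError:
            continue  # malformed line: never trusted
        if sha in pinned:
            keep.append(line)
    return keep

def constructed_line(host="sftp.example.com"):
    """Constructed sample line (not the real server key) for offline runs."""
    part = lambda b: struct.pack(">I", len(b)) + b
    blob = part(b"ssh-rsa") + part(b"\x01\x00\x01") + part(b"\x00" + b"\xab" * 512)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"
```

In a real run, scan_output would be the text returned by ssh-keyscan for the server address, and only the lines returned by trusted_lines would be appended to ~/.ssh/known_hosts.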

