SSH: Handling Server Host Key Rejected Error


When establishing an SSH connection, the server presents a host key to the connecting client. If this key is not already trusted, the connection will fail with the error: Server's host key has been rejected by user.

To resolve this issue, you can configure the client to trust the server's host key using one of the following methods:

  • Set the SSHAcceptServerHostKey property to the server's public key.
  • Accept the key via the SSHServerAuthentication event.
  • Set the SSHAcceptAnyServerHostKey configuration setting to accept any host key (not recommended for production environments).
  • Set the SSHAcceptServerHostKeyFingerPrint configuration setting.

Note The SSHAcceptServerHostKey property is a Certificate type and can be set to the e.HostKey value obtained from within the SSHServerAuthentication event. Note: In earlier versions of the toolkit, as well as in the BizTalk adapter and SSIS tasks, this property is a string type and accepts fingerprint values.

BizTalk Adapter

If you are using the BizTalk adapter:

  • Set the SSH Accept Server Host Key property to the public key file.
  • To accept any host key, expand the property and set Accept Any to Yes.
  • To accept based on fingerprint, set the Other property to:

SSHAcceptServerHostKeyFingerPrint=a1:2b:3c...

SSIS Task

If you are using the SSIS task:

  • Set the SSHAcceptServerHostKey property to the public key file.
  • To accept any host key, set SSHAcceptServerHostKeyAcceptAny to True.
  • To accept based on fingerprint, set the Other property to:

SSHAcceptServerHostKeyFingerPrint=a1:2b:3c...

In order to accept the key programmatically with the component you may follow this example:

**C#** 
sftp.SSHAcceptServerHostKey = <span style="color: #0000FF">new</span> <span style="color: #2B91AF">Certificate</span>(<span style="color: #2B91AF">CertStoreTypes</span>.cstSSHPublicKey, myHostKeyB, <span style="color: #A31515">""</span>, <span style="color: #A31515">""</span>); <span style="color: #008000">//Where myHostKeyB is a byte array containing the host key //obtained from SSHServerAuthentication event.</span> <span style="color: #008000">//Or</span> sftp.Config(<span style="color: #A31515">"SSHAcceptServerHostKeyFingerPrint=59:52:c8:db:..."</span>; <span style="color: #008000">//The fingerprint may be obtained from the SSHServerAuthentication event.</span> <span style="color: #008000">//Or</span> sftp.Config(<span style="color: #A31515">"SSHAcceptAnyServerHostKey=true"</span>);

Or in the SSHServerAuthentication event:

e.Accept = <span style="color: #0000FF">true</span>

We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@nsoftware.com.