i have this specific use case:
two sps connection policy, one for access from SPP and one for access from Remote Access and these two connection policies have two different keys (under SSH Control --> Client side host key settings (ECDSA key). In the known_hosts of the windows server where i am starting the sessions there are both keys of the two connection policies and in the SSH Control --> Server Host Keys i have two keys about that linux server.
from SRA i can access to the linux server and from SPP not.
i get the classic error about MAN IN THE MIDDLE because it is not recognized the relative key, there is a mismatch about SSH Host Key between linux server and safeguard.
The black window that appear basically shows this message:
********************************************
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
IT IS POSSBILE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man in the middle attack)
It is also possible that a host key has just been changed
The fingerprint for the ECDSA key sent by the remote host is
SHA256: 82h4c2nh4hqc4h3'q4hm37897h1'349 (for example)
Add correct host key in C:\\Users\\adm-abcdefg/.ssh/known_hosts to get rid of this message
Offending ECDSA key in C:\\Users\\adm-abcdefg/.ssh/known_hosts:2
ECDSA host key for 10.74.14.88 has changed and you have requested strict checking
Host key verification failed
***********************************
how can i resolve this issue?
which is the best and the right configuration about this?
It seems that if I launch the connection from SPP I go through the connection policy of the SRA which has its own precise key and in the black window which appears I see that the host only ever sends me the same key which is the one I see in the connection policy of the SRA but I am accessing from SPP so I should go through the connection policy safeguard_default. What's going on? Can anyone help me clarify the problem?
i am going crazy
thank you very much
