When a key mismatch occurs ssh and boks_sshd are not presented with the option to clear cache in case the host key has been renewed




By default, ssh and boks_sshd try to retrieve the host key of peer from boks_cached, which in turn downloads the key from a BoKS server.

In the case where a host key has been renewed, the cache must be refreshed. This is done so that in the case of a key mismatch, ssh or boks_ssh will again request the key from boks_cached with an option set that the retrieved key was wrong.

Due to a bug in BoKS 6.7.0 the clear cache option is not provided to boks_cached by either ssh or boks_sshd in the event of a key mismatch.


Resolution / Workaround


Install the hotfix HFBM-0033 from the HelpSystems Community Portal.

The hotfix includes a fix ensuring the clear cache option is provided to boks_cached in the event of a key mismatch.

Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: November 12, 2019