Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
We'd love to hear about it! Click here to go to the product suggestion community
I am trying to setup a bookmark for clientless access using ssh private/pub key for authentication. The host is Ubuntu 18.04.
When I try to connect to the host, I get the error: No ECDSA host key is known for 'ip' and you have requested strict checking. Host key verification failed.
I can't find any reference to this searching. What am I missing?
I am using the ssh_host_rsa priv/pub keys.
Hi Damon Gladbach Would you please try the steps mentioned in below thread if that works for you..?https://community.sophos.com/products/xg-firewall/f/vpn/92922/ssh-bookmark-issue
In reply to Vishal_R:
I had seen this post and it wasn't addressing what I was actually trying to do.
I was hoping to use just private/public key that the VM was used during setup, and login with just those credentials. I didn't want to have to connect to the VM and setup a password for the user, and still use the public key.
VM was created on an Openstack cloud, which is installed with the users keypair (tried to use in the bookmark). The idea is that you can use just that keypair to login to the VM. (as from other ssh clients)
Not sure why it doesn't do that with the sophos ssh public/private key authentication method, but I have gotten priv/pub auth to work for a sftp bookmark.
In reply to Damon Gladbach:
Also, even with the ssh option with password/public key, I get a lot of SSH host key changed errors. Seems like a 'known_host' issue with an invalid key for that IP, but from looking at the /tmp/clientless folder on the sophos gw, it seems like each time a new session is created a new one is created specific to that session. Even tried removing all the old sessions there, but still doesn't help. Is that data also stored somewhere else?