I have a server, running the OpenSSH daemon (sshd) in an unix environment. My server is actually a three-node cluster. This means I have a hostnanme (Digiport), which points to one of three active servers. To the remote client, the Digiport cluster is the only hostname they know. They may actually point to either digiport1, digiport2 or digiport3, each with its own "hostkey". The problem the clients experience, is if their key was initialized on digiport1, and we failover to digiport3, the users get an error, that warns them of the different key for digiport.
Manually you can accept the new key, and assume the risk yourself. The developers of the application using WinSCP to SFTP to the digiport server, wants to automate this, and assume the risk for DIGIPORT, as this is all "scripted" behind the scenes. The users are not aware of the technical process, and shouldn't have to acknowledge anything. There is security document that explains the technical portion, but the users do not need to be part of the process.
How can the user have three seperate keys for one set of clustered servers? Or:
How can the script automatically accept the new key, without being prompted?
Please advise soonest to:
Kevin S. Leonhardt