When connecting through an SSH connection policy, the user will sometimes receive error messages stating that host key verification failed, or a potential man-in-the-middle attack.
A DNS load-balancer is routing SSH connections between different SPS appliances using the one hostname and redirecting to different IP addresses.
The first connection will add the host key associated to the hostname to the known_hosts file and and the connection will succeed.
A subsequent connection when routed through a different appliance will fail if the client side host key offerings are not the same from every applicable appliance and connection policy.
1. Create a new SSH host key to be used on all of the SPS appliances and connection policies. The most common way is to use the CLI command ssh-keygen or application PuTTYgen. Make sure to use the proper algorithm and bit-size as required by company policy.
2. Upload this new private key to the setting "SSH Control > Connections — Client side host key settings" to the necessary connection policies on the Central Management node. The change should be replicated to Managed Hosts automatically soon after.
3. Remove the old entry for the hostname from the known_hosts file and accept the new expected one.