Problem

When attempting to establish a connection to a remote site, the following error is observed in the SC log, indicating that the SSH fingerprint key of the remote server differs from the one currently used:

INFO SFTP ---> Host authentication refused for <user> : host key mismatch (x:x:x... / y:y:y...)
ERROR SFTP SshError: The host key was not accepted [Unknown cause], reason=8

Where "x:x:x..." is the current fingerprint and "y:y:y..." is the actual SSH fingerprint of the remote server. The current fingerprint can be checked from the Advanced menu of the connection site in the SecureClient GUI -> Security -> Server Key field.

The most common reason for this could be:
- The server has been reinstalled/rebuilt
- The SSL certificate has been updated
- Sometimes this also could indicate some type of attack.

Resolution

In order to accept a connection to the remote server and accept the new SSH fingerprint, the current fingerprint should be cleared and the new one should be accepted. On Windows, this can be accomplished as follows:

1. Navigate to Advanced menu of the connection site -> Security -> Server Key field

2. Select Clear

3. Save and Connect

4. You would be asked if you want to trust the new key -> select 'Trust' and check the Server Key field for the status of the new SSH fingerprint key

On Unix/Linux, instead edit the site file (located in USERHOME/axway/SecureClient/data/site, and named with the site alias), find the SFTPServerFingerprint entry, and remove the value after the = sign. Then, the next time you connect, it will ask you to trust the new key. (This method works on Windows too, as an alternative to using the GUI.)