When depoying SEP (Symantec Endpoint Protection) clients to Mac computers with "Remote Push" from SEPM (SEP Manager), if a known hosts file is being used to verify the identify of remote Mac computers then the Client Deployment Wizard may fail at the point of adding targets for the installation package.

"The specified file is not a valid known_hosts file. Choose a valid file, and try again."

"Login to [Mac computer name (IP address)] failed. The client could not be installed on the remote computer.
For detailed information about possible solutions, see the following Symantec Technical Support Knowledge Base article:
Error: "Login to [computer] failed. Check the username and password and try again.""

In SEPM scm-server logging: "Failed to open known Host File"

Mac OS X, macOS

The SEPM currently supports only SSH-RSA authentication keys in the known hosts file; any other format results in the errors described above.

The solution is to replace affected entries in the known hosts file with the SSH-RSA public key from the target Mac computers.

Entries in known hosts file are of the following layout:

hostname, IP_address public_key_format public_key

Replace [public_key_format    public_key] with the contents of ssh_host_rsa_key.pub from the Mac; ssh_host_rsa_key.pub is generally found in /etc/ssh/ 

For example, change:

HostName,##.##.##.## ecdsa-sha2-nistp256 [Key]

... to:

HostName,##.##.##.## ssh-rsa [Key]