search cancel

Endpoint Protection Manager Client Deployment Wizard may fail when using known hosts file to verify remote Mac computers

book

Article ID: 163677

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When depoying SEP (Symantec Endpoint Protection) clients to Mac computers with "Remote Push" from SEPM (SEP Manager), if a known hosts file is being used to verify the identify of remote Mac computers then the Client Deployment Wizard may fail at the point of adding targets for the installation package.

"The specified file is not a valid known_hosts file. Choose a valid file, and try again."

"Login to [Mac computer name (IP address)] failed. The client could not be installed on the remote computer.
For detailed information about possible solutions, see the following Symantec Technical Support Knowledge Base article:
Error: "Login to [computer] failed. Check the username and password and try again.""

In SEPM scm-server logging: "Failed to open known Host File"

Environment

Mac OS X, macOS

Cause

The SEPM currently supports only SSH-RSA authentication keys in the known hosts file; any other format results in the errors described above.

Resolution

The solution is to replace affected entries in the known hosts file with the SSH-RSA public key from the target Mac computers.

Entries in known hosts file are of the following layout:

hostname, IP_address public_key_format public_key

Replace [public_key_format    public_key] with the contents of ssh_host_rsa_key.pub from the Mac; ssh_host_rsa_key.pub is generally found in /etc/ssh/ 

For example, change:

myMac,192.168.1.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoY ...

... to:

myMac,192.168.1.8 ssh-rsa AAAAB3NzaC1yc2EAA ...