Example (No DNS)
Any time the IP or hostname
of the HSM appliance has changed (such as moving from a pre-production
environment), the client(s) that have previously connected via SSH will
detect a mismatch in the HSM appliance's server certification information
and warn you of potential security breach. In
this case you will need to remove that server's certificate information
from the client’s known host file found in:
/<user home dir>/.ssh/known_hosts2
If this is happening in a production environment,
this could potentially be a security breach needing investigation.
Similarly, when you first open a scp or
ssh link, you must accept the certificate.
You can check the fingerprint of the certificate with:
lunash:> sysconf fingerprint -ssh
Next, "Register the HSM Server Certificate with the Client (UNIX)".