The Sumo Logic Collector can optionally verify the RSA fingerprint for a remote server against a list of known hosts. When host verification is enabled, the Collector collects from a Remote File Source only if the remote host fingerprint is whitelisted in a known_hosts file.
Generate a remote host key verification file
Remote host key verification uses the RSA algorithm to verify host keys. By default, SSH stores known host fingerprints in a known_hosts file located in ~/.ssh/known_hosts.
To obtain the RSA host key fingerprint, use SSH to access the remote server.
If the key fingerprint is not an RSA key fingerprint, use SSH to access the server again with the HostKeyAlgorithms configuration option, as follows.
ssh -oHostKeyAlgorithms=’ssh-rsa’ username@hostname
Example known_hosts file format:
192.168.1.2 ssh-rsa AAAAB3NzaC1...nXIDE=
184.108.40.206 ssh-rsa AAAAB3NzaC1...dlZDm=
220.127.116.117 ssh-rsa AAAAB3NzaC1...UffAaQ=
Enable Remote Host Key Verification
- Stop the Sumo Logic Collector service.
net stop sumo-collector
sudo ./collector stop
- Add the following line to the config/collector.properties file in the Collector installation directory and save the file.
ssh.host.verify.file = /pathto/known_hosts
- Start the Sumo Logic Collector service.
net start sumo-collector
sudo ./collector start
You can revert back to default configurations or disable the feature by removing the line you added from collector.properties and restarting the Collector service.