Scheduled Config Export fails with error message "Failed exporting config bundle via ssh"

"Failed exporting config bundle via ssh to <host-name or IP>. No ECDSA host key is known for <host-name or IP>
 ....Host key verification failed....lost connection"

• Any Panorama device
• PAN-OS 8.1 and above

• After configuring "Scheduled Config Export", Panorama initiates a connection to the server.
• The server presents a copy of its public host key and panorama attaches the host key to the IP address of the server and saves it in its local host key store database.
• If the host key presented by the server on a subsequent connection does not match with its local host key database; Panorama generates this system log and Scheduled Config Export fails.

1. Delete the host keys from Panorama's key store using the following command. Please note that this command will remove all of the host keys stored in the Panorama devices hence apply the step 2 and 3  to all servers configured for config export.

> delete user-file ssh-known-hosts

2. To get a copy of the new host key, start a test connection via CLI. (It is expected for the test connection to fail). As a security precaution, please verify the validity of the host key by your system administrator before proceeding further.

> test scp-server-connection initiate port <port number> hostname <host-name> username <user-name> password <password>

3.  Note down the key value from step 2 and install the key

> test scp-server-connection confirm hostname <IP or hostname>  key "<Ip or hostname> ssh-rsa <rsa key from above>"