...

Typical command line syntax (most systems):

Your identification key has been saved in /tmp/keystore
    Your public key has been saved in /tmp/keystore.pub

Finally, on the SCP server host, append /tmp/keystore.pub to $HOME/.ssh/authorized_keys. If the $HOME/.ssh/authorized_keys is not there it must be created.

...

The SCP agent uses a file with known host keys to validate the server identity during connection setup. The location and naming of this file is managed through the property:

It is set in the <pico name>.conf file of the relevant EC to manage where the file is saved. The default value is ${mz.home}/etc/ssh/known_hosts.

...

For unlimited strength cryptography on the Oracle JRE, download the JCE Unlimited Strength Jurisdiction Policy Files from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html. Replace the jar files in $JAVA_HOME/jre/lib/security with the files in this package.

The OpenJDK JRE does not require special handling of the JCE policy files for unlimited-strength cryptography. 

SCP Agents Server Keys

The SSH protocol uses host verification to guard against attacks where an attacker manages to reroute the TCP connection from the correct server to another machine. Since the password is sent directly over the encrypted connection, it is critical for security that an incorrect public key is not accepted by the client.

The agent uses a file with known hosts and keys. It will accept the key supplied by the server if either of the following is fulfilled:

1. The host is previously unknown. In this case, the public key will be registered in the file.

2. The host is known and the public key matches the old data.

3. The host is known however to have a new key and the user has configured it to accept the new key. For further information, see the description of the Advanced tab.

If the host key changes for some reason, the file will have to be removed (or edited) in order for the new key to be accepted.