[Freeipa-users] GlobalKnownHostsFile changes produce unexpected behavior
Matthew Barr
mbarr at snap-interactive.com
Wed Jun 19 19:36:42 UTC 2013
This may need to be passed upstream to the SSH maintainers or openssh folks, but:
(CentOS 6.4, ipa-client 3.0.0-26, openssh-5.3p1-84.1)
IPA (sssd), when installed, modifies the /etc/ssh/ssh_config file by adding (at least) one line:
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
Default behavior of SSH when that isn't present is to check both
/etc/ssh/ssh_known_hosts2 & /etc/ssh/ssh_known_hosts for keys. This is documented in the ssh_config man page.
However, when the line is present with the sssd change, the OS only checks for /etc/ssh/ssh_known_hosts2, plus the file in /var/lib/sss.
It still checks for both $HOME/.ssh/known_hosts & $HOME/.ssh/known_hosts, either way. (That's controlled by a different option.)
Should IPA / SSSD be adding back in the default value, until such time as it's fixed in the upstream?
Matthew Barr
Technical Architect
E: mbarr at snap-interactive.com
AIM: matthewbarr1
c: (646) 727-0535
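
An added example, not part of the original message or of ipa-client: a POSIX shell check for the situation described above, reporting whether an ssh_config's GlobalKnownHostsFile line still names /etc/ssh/ssh_known_hosts. The function names are made up for illustration; Host/Match scoping and Include are ignored, and the first GlobalKnownHostsFile line is taken as the effective one.

```shell
#!/bin/sh
# Added example, not from the original post. Flags an ssh_config whose
# GlobalKnownHostsFile line no longer names the stock /etc/ssh/ssh_known_hosts.
# Assumptions: Host/Match scoping and Include are ignored, and the first
# GlobalKnownHostsFile line is treated as the effective one.

DEFAULT_GLOBAL=/etc/ssh/ssh_known_hosts

# Print the argument string of the first GlobalKnownHostsFile directive.
# Keywords are case-insensitive and may be followed by whitespace or "=".
global_known_hosts() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || $0 == "" { next }
        match($0, /^[A-Za-z0-9]+/) {
            key = tolower(substr($0, 1, RLENGTH))
            arg = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", arg)
            if (key == "globalknownhostsfile") { print arg; exit }
        }
    ' "$1"
}

# Echo "default" (no override), "kept" (override still lists the stock file)
# or "dropped" (override replaces it); return 1 only for "dropped".
check_config() {
    files=$(global_known_hosts "$1")
    [ -n "$files" ] || { echo default; return 0; }
    # A whitespace-separated list of paths is handled as well.
    for f in $files; do
        if [ "$f" = "$DEFAULT_GLOBAL" ]; then echo kept; return 0; fi
    done
    echo dropped
    return 1
}

# Constructed sample: the line the post reports being added to ssh_config.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'Host *' \
        '    GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts' > "$tmp"
    result=$(check_config "$tmp") || true
    rm -f "$tmp"
    echo "$result"
}

demo   # prints "dropped"
```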