[Freeipa-users] GlobalKnownHostsFile changes produce unexpected behavior
Jan Cholasta
jcholast at redhat.com
Tue Jun 25 06:46:24 UTC 2013
On 19.6.2013 21:36, Matthew Barr wrote:
> This may need to be passed upstream to the SSH maintainers or openssh
> folks, but:
> (CentOS 6.4, ipa-client 3.0.0-26, openssh-5.3p1-84.1)
>
> IPA (sssd) when installed is to modify the /etc/ssh/ssh_config file, by
> adding (at least) a line:
>
> GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
>
> Default behavior of SSH when that isn't present is to check both
> /etc/ssh/ssh_known_hosts2 & /etc/ssh/ssh_known_hosts for keys. This is
> documented in the ssh_config man page.
>
>
> However, when the line is present with the sssd change, the OS only
> checks for /etc/ssh/ssh_known_hosts2, plus the file in /var/lib/sss.

I don't think it checks /etc/ssh/ssh_known_hosts2, since the
GlobalKnownHostsFile2 option was deprecated in OpenSSH 5.9, unless of
course you have an older version of OpenSSH installed.

>
> It still checks for both $HOME/.ssh/known_hosts &
> $HOME/.ssh/known_hosts, either way. (that's controlled by a different
> option.)
>
>
> Should IPA / SSSD be adding back in the default value, until such time
> as it's fixed in the upstream?

I'm not sure I understand. What do you think should be fixed?

Honza
--
Jan Cholasta
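
As an added illustration (not part of the original messages, and not FreeIPA, SSSD or OpenSSH code), the sketch below models the two behaviours described in this thread: before OpenSSH 5.9 the GlobalKnownHostsFile and GlobalKnownHostsFile2 options each hold one path, while from 5.9 on GlobalKnownHostsFile takes a list and the "2" option is ignored. The function names are hypothetical, and parsing is simplified to directives above the first Host/Match block.

```python
import re
import shlex

# Built-in defaults named in the thread (documented in the ssh_config man page).
DEFAULTS = ["/etc/ssh/ssh_known_hosts", "/etc/ssh/ssh_known_hosts2"]


def global_known_hosts(config_text, multi_file):
    """Return the global known_hosts files a client would consult.

    multi_file=False models clients older than OpenSSH 5.9, where
    GlobalKnownHostsFile and GlobalKnownHostsFile2 each hold one path.
    multi_file=True models 5.9 and later, where GlobalKnownHostsFile takes
    a list of paths and GlobalKnownHostsFile2 is deprecated and ignored.
    Simplification (assumption): only directives above the first Host/Match
    block are read, and the first value seen for a keyword wins.
    """
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(.*)$", line)
        if not m:
            continue
        key = m.group(1).lower()  # keywords are case-insensitive
        if key in ("host", "match"):
            break
        seen.setdefault(key, shlex.split(m.group(2)))
    first = seen.get("globalknownhostsfile")
    if multi_file:
        return first or list(DEFAULTS)
    second = seen.get("globalknownhostsfile2")
    return [first[0] if first else DEFAULTS[0],
            second[0] if second else DEFAULTS[1]]


def dropped_defaults(config_text, multi_file):
    """List the default files the configuration no longer consults."""
    active = global_known_hosts(config_text, multi_file)
    return [p for p in DEFAULTS if p not in active]


# Constructed sample: the single line the thread says ipa-client adds.
SSSD_LINE = "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"

if __name__ == "__main__":
    for multi in (False, True):
        print(multi, global_known_hosts(SSSD_LINE, multi),
              dropped_defaults(SSSD_LINE, multi))
```

Host keys an administrator distributes in a file reported by dropped_defaults() are no longer trusted by the client, so connections to those hosts fall back to per-user known_hosts handling.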