[Freeipa-users] Odd problem with SSSD and SSH keys

Jan Cholasta jcholast at redhat.com
Tue Jan 14 10:43:36 UTC 2014


On 13.1.2014 22:18, Jakub Hrozek wrote:
> On Mon, Jan 13, 2014 at 02:44:29PM -0500, Bret Wortman wrote:
>> They're definitely different. I deleted the one in the file, then
>> tried again. It put the bad key back in the file. I blew the whole
>> file away and the same thing happened. Where is this key coming from
>> if not from IPA?
>
> Can you try running sss_ssh_knownhostsproxy manually to see what key
> it returns?
>
> The keys are propagated to the file from the sssd database. If the client
> was offline, the client could use stale records. Can you verify the client
> has no connectivity issues?
>
> Honza (CC-ed) might have some more hints.
>

Compare the public key in /etc/ssh/ssh_host_rsa_key.pub on the host with
the public key for that host in IPA. If they do not match, the host key
was changed after the IPA client was installed and the host record in IPA
must be manually updated with the new key.

Honza

-- 
Jan Cholasta
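
Added example, not part of the original message or of FreeIPA/SSSD: one way to carry out the comparison described above, ignoring the comment field and reporting the OpenSSH-style SHA256 fingerprints. It assumes the key stored in IPA has been copied out as an OpenSSH public key line; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

def parse_pubkey(line):
    """Return (key_type, blob) from an OpenSSH public key line; the comment is ignored."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("declared key type does not match the blob")
    return key_type, blob

def fingerprint(blob):
    """SHA256 fingerprint in the form ssh prints: unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def compare_host_keys(on_host, in_ipa):
    """Compare the key from the host's .pub file with the key recorded in IPA."""
    host_type, host_blob = parse_pubkey(on_host)
    ipa_type, ipa_blob = parse_pubkey(in_ipa)
    return {"match": (host_type, host_blob) == (ipa_type, ipa_blob),
            "host_fp": fingerprint(host_blob), "ipa_fp": fingerprint(ipa_blob)}

def _constructed_key(seed, comment):
    # Constructed sample, not a real RSA key: valid framing, filler bytes for e and n.
    def s(b):
        return struct.pack(">I", len(b)) + b
    modulus = b"\x00" + hashlib.sha256(seed).digest() * 8
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(modulus)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

HOST_KEY = _constructed_key(b"regenerated", "root@host.example.com")  # file on the host
IPA_STALE = _constructed_key(b"original", "")                # record from enrollment
IPA_CURRENT = _constructed_key(b"regenerated", "host.example.com")  # after an update

if __name__ == "__main__":
    for label, ipa_key in (("stale record", IPA_STALE), ("updated record", IPA_CURRENT)):
        result = compare_host_keys(HOST_KEY, ipa_key)
        print(label, "match" if result["match"] else "MISMATCH",
              result["host_fp"], result["ipa_fp"])
```

A mismatch here corresponds to the case described above, where the host record in IPA still holds the key from before the host key was changed.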
