[Freeipa-users] Multiple Domains and SSH

Jan Cholasta jcholast at redhat.com
Wed Nov 19 06:51:46 UTC 2014


Hi,

On 18.11.2014 at 23:53, Jakub Hrozek wrote:
>
>> On 18 Nov 2014, at 23:12, Dmitri Pal <dpal at redhat.com> wrote:
>>
>> On 11/18/2014 01:07 AM, Christoph Kaminski wrote:
>>> Hi
>>>
>>> I can reach each host here via ssh on multiple domains:
>>>
>>> host.mydom.int
>>> host mydom.net
>>> host.mgmt
>>>
>>> sss_ssh_knownhostsproxy works only on the domain which I used to register to IPA (mgmt); on the other domains I always get "The authenticity of host 'host.mydom.int (<no hostip for proxy command>)' can't be established."... why?

Because it does not know that the hostnames refer to the same host.

Do you have a reverse DNS record set up for the host? Does it point to 
the same hostname that you used to register the host in IPA?

>>>
>>
>>
>> And other hosts in those domains are not registered?
>> Maybe you should try to add a host entry and SSH digest to IPA even if they are not enrolled?

This would work too.

>>
>
> Maybe Honza would have some tips for debugging...

See pages 13-16 of 
<http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf>.

Honza

-- 
Jan Cholasta
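
The reverse-DNS question asked in the reply above, as an added example that is not part of the original message or of FreeIPA/SSSD: for each name a host is reached by, resolve it forward, look up the PTR record of the address, and compare the result with the name used at enrollment. The function name `check_aliases`, the sample addresses and the name `host.example.test` are constructed for illustration; pass no resolver arguments to query real DNS.

```python
import socket

def check_aliases(enrolled_fqdn, aliases,
                  forward=socket.gethostbyname,
                  reverse=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Return {alias: (ip, ptr_name, ptr_matches_enrolled)} for each alias."""
    want = enrolled_fqdn.rstrip(".").lower()
    results = {}
    for alias in aliases:
        try:
            ip = forward(alias)
        except OSError:              # gaierror: name does not resolve
            results[alias] = (None, None, False)
            continue
        try:
            ptr = reverse(ip)
        except OSError:              # herror: no PTR record for the address
            results[alias] = (ip, None, False)
            continue
        results[alias] = (ip, ptr, ptr.rstrip(".").lower() == want)
    return results

# Constructed sample records standing in for DNS (documentation address ranges).
SAMPLE_A = {"host.mgmt": "192.0.2.10",
            "host.mydom.int": "198.51.100.10",
            "host.example.test": "203.0.113.10"}
SAMPLE_PTR = {"192.0.2.10": "host.mgmt.",
              "198.51.100.10": "host.mydom.int."}

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(f"no A record for {name}")
    return SAMPLE_A[name]

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(f"no PTR record for {ip}")
    return SAMPLE_PTR[ip]

if __name__ == "__main__":
    report = check_aliases("host.mgmt", list(SAMPLE_A),
                           sample_forward, sample_reverse)
    for alias, (ip, ptr, ok) in report.items():
        status = "PTR matches enrolled name" if ok else "PTR missing or different"
        print(f"{alias:20} {ip or '-':15} {ptr or '-':18} {status}")
```

Names reported as missing or different are the ones to fix in reverse DNS or to add to IPA as host entries with their SSH keys, the two options discussed in the thread.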



