[Freeipa-users] sssd 1.13.3: sss_ssh_knownhostsproxy seems to break ssh -4

Harald Dunkel harald.dunkel at aixigo.de
Mon Feb 22 07:14:51 UTC 2016


Hi Jakub,

On 02/19/2016 04:04 PM, Jakub Hrozek wrote:
> On Fri, Feb 19, 2016 at 03:27:50PM +0100, Harald Dunkel wrote:
>> Hi Lukas,
>>
>> I found an Ubuntu manpage saying sss_ssh_knownhostsproxy is
>> an experimental feature. Would you suggest to drop it
>> in ipa-client-install?
> 
> It's not experimental (at least upstream) for several years. What sssd
> version is that?
> 

Just google for sss_ssh_knownhostsproxy; it's top of the list:

http://manpages.ubuntu.com/manpages/precise/man1/sss_ssh_knownhostsproxy.1.html

AFAIK Ubuntu uses freeipa 4.1.5 and sssd 1.13.3. Maybe they
did not update their man page on the web.

I am using sssd 1.13.3 on Debian 8. The local man page does not
say "experimental".

>>
>> IMHO this is a pretty annoying bug. I rely upon a port
>> redirection for ssh on IPv4. For IPv6 there is no
>> redirection, but the port is blocked in the packet filter.
> 
> Would it help to set lookup_family_order to ipv4_only here so that ipv6
> is not even tried (or the other way around, depending on which AF you
> want to try..)
> 

That's exactly what I was trying to achieve with the "-4".
Sorry, but setting it globally conflicts with our efforts to
propagate IPv6. I can still manually look up the IPv4 address
as a workaround.


Regards
Harri




