Bug 1430253

Summary: [RFE] IPA does not support alternative IPs/DNS-Names for ssh login
Product: Red Hat Enterprise Linux 7
Reporter: Andrey Bondarenko <abondare>
Component: ipa
Assignee: IPA Maintainers <ipa-maint>
Status: CLOSED UPSTREAM
QA Contact: ipa-qe <ipa-qe>
Severity: medium
Priority: unspecified
Version: 7.3
CC: afarley, pasik, pvoborni, rcritten, tscherf
Target Milestone: rc
Keywords: FutureFeature
Target Release: ---
Hardware: All
OS: Linux
Last Closed: 2019-08-16 17:17:27 UTC
Type: Bug

Description Andrey Bondarenko 2017-03-08 08:02:23 UTC
Description of problem:

The file "/etc/ssh/ssh_known_hosts" supports multiple, comma-separated values for DNS names and IPs, so that one can associate multiple names/IPs with one host key.

FreeIPA should support host aliases, and SSSD should support adding aliases to the output of sss_ssh_knownhostsproxy, so that one could connect to either samplehost.example.com or samplehost.linux.example.com.

How reproducible:

   always
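
The comma-separated host field described in the report above can be illustrated with a small matcher. This is an added example, not part of the original bug report and not FreeIPA or SSSD code. It follows the known_hosts format documented in sshd(8), including wildcards, negation and hashed names, which goes beyond the case in the report; the function names and the sample data are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: one host key shared by two names and one IP (key blobs are placeholders).
SAMPLE = """\
# constructed known_hosts data
samplehost.example.com,samplehost.linux.example.com,192.0.2.10 ssh-ed25519 AAAA_CONSTRUCTED_KEY_1
*.lab.example.com,!bastion.lab.example.com ssh-ed25519 AAAA_CONSTRUCTED_KEY_2
"""

def _fields(line):
    f = line.split()
    if f and f[0].startswith("@"):          # optional @cert-authority / @revoked marker
        f = f[1:]
    return f if len(f) >= 3 and not f[0].startswith("#") else None

def _wildcard(pattern, host):
    # known_hosts patterns only know '*' and '?'; everything else is literal.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host) is not None

def _hashed(field, host):
    # Hashed form: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))
    try:
        _, magic, salt, mac = field.split("|")
        want = base64.b64decode(mac)
        got = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
    except ValueError:
        return False
    return magic == "1" and hmac.compare_digest(got, want)

def names_match(names, host):
    """True if the host field of one known_hosts line applies to host."""
    host = host.lower()
    if names.startswith("|"):               # one hashed name per line, no wildcards
        return _hashed(names, host)
    matched = False
    for pat in names.lower().split(","):
        if _wildcard(pat.lstrip("!"), host):
            if pat.startswith("!"):         # a negated match vetoes the whole line
                return False
            matched = True
    return matched

def keys_for(text, host):
    """Return (keytype, key) for every line of text whose host field applies to host."""
    parsed = (_fields(line) for line in text.splitlines())
    return [(f[1], f[2]) for f in parsed if f and names_match(f[0], host)]
```

Every name or address a client may use has to appear in (or be matched by) the host field, otherwise the lookup returns no key and the client falls back to an unknown-host prompt.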

Comment 2 Jan Cholasta 2017-03-14 11:08:07 UTC
Note that this already works as long as you use the canonical host name for the IPA host:

$ host a.example.com
a.example.com has address 1.2.3.4
$ host b.example.com
b.example.com has address 1.2.3.4
$ host 1.2.3.4
4.3.2.1.in-addr.arpa domain name pointer a.example.com.
$ ipa host-show a.example.com
<...>
$ ipa host-show b.example.com
ipa: ERROR: b.example.com: host not found
$ ssh a.example.com
<works>
$ ssh b.example.com
<works>

Comment 4 Petr Vobornik 2017-03-17 16:00:19 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/6779

Comment 7 Amy Farley 2019-08-16 17:17:27 UTC
I am going to close this bz and let the UPSTREAM work continue.