Bug 2015070
Summary: Consistency in defaults between OpenSSH and SSSD
Product: Red Hat Enterprise Linux 8
Reporter: Alexey Tikhonov <atikhono>
Component: sssd
Assignee: Alexey Tikhonov <atikhono>
Status: CLOSED ERRATA
QA Contact: Dhairya Parmar <dparmar>
Severity: unspecified
Docs Contact: lmcgarry
Priority: unspecified
Version: 8.5
CC: dlavu, grajaiya, jhrozek, lslebodn, mzidek, pbrezina, tscherf
Target Milestone: rc
Keywords: Triaged
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard: sync-to-jira
Fixed In Version: sssd-2.6.1-1.el8
Doc Type: Enhancement
Doc Text:
.SSSD default SSH hashing value is now consistent with the OpenSSH setting
The default value of `ssh_hash_known_hosts` has been changed to false. It is now consistent with the OpenSSH setting, which does not hash host names by default.
However, if you need to continue to hash host names, add `ssh_hash_known_hosts = True` to the `[ssh]` section of the `/etc/sssd/sssd.conf` configuration file.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2022-05-10 15:26:44 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Description
Alexey Tikhonov
2021-10-18 10:55:56 UTC
Upstream PR: https://github.com/SSSD/sssd/pull/5849

Pushed PR: https://github.com/SSSD/sssd/pull/5849

* `master`
    * e8b43cc82339c6ff19b8e6bf19d7d7c39ea481f7 - SSH: changed default value of `ssh_hash_known_hosts` to false

Tested against sssd-2.4.0-9.el8_4.2.x86_64

#### ssh_hash_known_hosts is not used, default value is True ####

[root@localhost pubconf]# cat /etc/sssd/sssd.conf
[domain/example.com]
id_provider = ipa
ipa_server = _srv_, server.example.com
ipa_domain = example.com
ipa_hostname = client.example.com
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True
[sssd]
services = nss, pam, ssh, sudo
domains = example.com
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
[secrets]
[session_recording]
[root@localhost pubconf]# systemctl stop sssd.service
[root@localhost pubconf]# rm -f /var/lib/sss/pubconf/known_hosts
[root@localhost pubconf]# systemctl start sssd.service
[root@localhost pubconf]# ssh -l user1 server.example.com echo 'login successful'
Password:
Could not chdir to home directory /home/user1: No such file or directory
login successful
[root@localhost pubconf]# cat /var/lib/sss/pubconf/known_hosts
|1|avLOS3vrD82NCfLSVO7PDq97qEs=|TYmqqapY3I+UGxtP/IrBSwck9M0= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIplnECM2yS18pQMoMwc4t4ZVPt8Hamp0rWonAHD6+wf9zO2xzAUEufuyivlUhkrRfAfxDHE+qnM6Pm1PjvpZC0=
|1|wo4wGZAA/2gD1l9CKaX+8gdp7Dk=|U9QquCrWcOAhRk/WO5l4ZqJeX0c= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIplnECM2yS18pQMoMwc4t4ZVPt8Hamp0rWonAHD6+wf9zO2xzAUEufuyivlUhkrRfAfxDHE+qnM6Pm1PjvpZC0=
|1|2XSUnSkqveT5JA3hG3xTAcMKnCM=|kifh7N0W0HMy1OvD6Ht2vVaTR5c= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbcSMO8MXDcua6EZE00xaoZI9OJHgIdHKvPB8forZ2E
|1|M9G7mCDtq3KgzhuJdkKHWHAtS5Q=|QZ03laxOb0dCCfVtEm34uyuvsW4= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbcSMO8MXDcua6EZE00xaoZI9OJHgIdHKvPB8forZ2E
|1|vvK1+wtLRoyoje+DELTEiE+//wI=|a92ki2LRP12a26invIQX6pa+2aM= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGatmskdWO47NLbnGcovDWiKQQKtCnTAKuPhoOgeFyD+lzHGJ+mt2i/JjrVZnDYwtNYfPXsFiabijcIRFhgnTF2ZNnhDtRTbeM6mIkKGod6OmHwUGPrfg0BMJk7mKqazuHskIwTKATav/JKHj+aLBH77LhruWWkKgT4Qdlq1A6ysur2ePbHpS3Sjd9sPbkA+OR4VuG3W7sWWh+qpaqd7lQyBj8a0OckGdmP5srUv4YxtqDyPdVpk/89oQVR/7Jv5/r0pgjBTGJuIRiVv2h/YIZizsheoh8gTOJoaIiw8Sg/jsiHN0WP4TtkFFCFsO/Y7IDexREporUeIUl/vcboWebkfWss8594Edd1xShO3h090gjrGaGpTK3kirr2JdN/2O230lt4TsDbXhEX7w3FdtZffJFar5HXjhTsWvzc5jU5UfB6Gw8M/PmdXEAHK5q4BmKrnTXqfJBgW6aFWvkSLspwFqN8h3Ano2OrAyobPlLUvvAN9ixmW0k7NbVm35uSdk=
|1|GVuJhM99Iu64zOCKr83ehXKv1tI=|YyEvVnA8diYk0Y+k7EPVJ07Bs+k= ssh-rsa

#### ssh_hash_known_hosts = True ####

[root@localhost pubconf]# cat /etc/sssd/sssd.conf
[domain/example.com]
id_provider = ipa
ipa_server = _srv_, server.example.com
ipa_domain = example.com
ipa_hostname = client.example.com
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True
[sssd]
services = nss, pam, ssh, sudo
domains = example.com
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
ssh_hash_known_hosts = True
[pac]
[ifp]
[secrets]
[session_recording]
[root@localhost pubconf]# grep '\[ssh' -A1 /etc/sssd/sssd.conf
[ssh]
ssh_hash_known_hosts = True
[root@localhost pubconf]# systemctl stop sssd.service
[root@localhost pubconf]# rm -f /var/lib/sss/pubconf/known_hosts
[root@localhost pubconf]# systemctl start sssd.service
[root@localhost pubconf]# ssh -l user1 server.example.com echo 'login successful'
Password:
Could not chdir to home directory /home/user1: No such file or directory
login successful
[root@localhost pubconf]# cat /var/lib/sss/pubconf/known_hosts
|1|6EBBD7AjQe1o3LNclVkhrKZoy9M=|nDqVAA8QEKnOEkmOXEmTwhShGJo= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIplnECM2yS18pQMoMwc4t4ZVPt8Hamp0rWonAHD6+wf9zO2xzAUEufuyivlUhkrRfAfxDHE+qnM6Pm1PjvpZC0=
|1|WZ+QryzlFSlaymdLosN27ieHMJo=|Wv1zYjwOQy+HgBKVox/FXncGkCA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIplnECM2yS18pQMoMwc4t4ZVPt8Hamp0rWonAHD6+wf9zO2xzAUEufuyivlUhkrRfAfxDHE+qnM6Pm1PjvpZC0=
|1|GRecr5DuykAaNrdybkBtLXDiIjo=|twfC41XasD8sclFsVBaoPUx9qEs= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbcSMO8MXDcua6EZE00xaoZI9OJHgIdHKvPB8forZ2E
|1|GbpvylM0NqZPGVoHS8ZCm3s0KRE=|xw/syt+aKE0ZIQ5Q93nHrs2SRTM= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbcSMO8MXDcua6EZE00xaoZI9OJHgIdHKvPB8forZ2E
|1|p9GPmi0ezAFqqUbaEcUipjNoJsg=|cG4SLs4bNf2JDnc9foN/MfGrAUY= ssh-rsa
|1|56RQ9krc2Livj4eWae6bvdep0JU=|XiyKEa3XPi32WlIKQqbbJiA34N4= ssh-rsa

#### ssh_hash_known_hosts = False ####

[root@localhost pubconf]# cat /etc/sssd/sssd.conf
[domain/example.com]
id_provider = ipa
ipa_server = _srv_, server.example.com
ipa_domain = example.com
ipa_hostname = client.example.com
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True
[sssd]
services = nss, pam, ssh, sudo
domains = example.com
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
ssh_hash_known_hosts = False
[pac]
[ifp]
[secrets]
[session_recording]
[root@localhost pubconf]# grep '\[ssh' -A1 /etc/sssd/sssd.conf
[ssh]
ssh_hash_known_hosts = False
[root@localhost pubconf]# systemctl stop sssd.service
[root@localhost pubconf]# rm -f /var/lib/sss/pubconf/known_hosts
[root@localhost pubconf]# systemctl start sssd.service
[root@localhost pubconf]# ssh -l user1 server.example.com echo 'login successful'
Password:
Could not chdir to home directory /home/user1: No such file or directory
login successful
[root@localhost pubconf]# cat /var/lib/sss/pubconf/known_hosts
server.example.com,server.example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIplnECM2yS18pQMoMwc4t4ZVPt8Hamp0rWonAHD6+wf9zO2xzAUEufuyivlUhkrRfAfxDHE+qnM6Pm1PjvpZC0=
server.example.com,server.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbcSMO8MXDcua6EZE00xaoZI9OJHgIdHKvPB8forZ2E
server.example.com,server.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGatmskdWO47NLbnGcovDWiKQQKtCnTAKuPhoOgeFyD+lzHGJ+mt2i/JjrVZnDYwtNYfPXsFiabijcIRFhgnTF2ZNnhDtRTbeM6mIkKGod6OmHwUGPrfg0BMJk7mKqazuHskIwTKATav/JKHj+aLBH77LhruWWkKgT4Qdlq1A6ysur2ePbHpS3Sjd9sPbkA+OR4VuG3W7sWWh+qpaqd7lQyBj8a0OckGdmP5srUv4YxtqDyPdVpk/89oQVR/7Jv5/r0pgjBTGJuIRiVv2h/YIZizsheoh8gTOJoaIiw8Sg/jsiHN0WP4TtkFFCFsO/Y7IDexREporUeIUl/vcboWebkfWss8594Edd1xShO3h090gjrGaGpTK3kirr2JdN/2O230lt4TsDbXhEX7w3FdtZffJFar5HXjhTsWvzc5jU5UfB6Gw8M/PmdXEAHK5q4BmKrnTXqfJBgW6aFWvkSLspwFqN8h3Ano2OrAyobPlLUvvAN9ixmW0k7NbVm35uSdk=

Tested against sssd-2.6.1-1.el8.x86_64

#### ssh_hash_known_hosts is not used, default value is False ####

[root@localhost pubconf]# cat /etc/sssd/sssd.conf
[domain/example.com]
id_provider = ipa
ipa_server = _srv_, server.example.com
ipa_domain = example.com
ipa_hostname = client.example.com
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True
[sssd]
services = nss, pam, ssh, sudo
domains = example.com
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
[secrets]
[session_recording]
[root@localhost pubconf]# systemctl stop sssd.service
[root@localhost pubconf]# rm -f /var/lib/sss/pubconf/known_hosts
[root@localhost pubconf]# systemctl start sssd.service
[root@localhost pubconf]# ssh -l user1 server.example.com echo 'login successful'
Password:
Could not chdir to home directory /home/user1: No such file or directory
login successful
[root@localhost pubconf]# cat /var/lib/sss/pubconf/known_hosts
server.example.com,server.example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIplnECM2yS18pQMoMwc4t4ZVPt8Hamp0rWonAHD6+wf9zO2xzAUEufuyivlUhkrRfAfxDHE+qnM6Pm1PjvpZC0=
server.example.com,server.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbcSMO8MXDcua6EZE00xaoZI9OJHgIdHKvPB8forZ2E
server.example.com,server.example.com ssh-rsa

### ssh_hash_known_hosts = True ###

[root@localhost pubconf]# cat /etc/sssd/sssd.conf
[domain/example.com]
id_provider = ipa
ipa_server = _srv_, server.example.com
ipa_domain = example.com
ipa_hostname = client.example.com
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True
[sssd]
services = nss, pam, ssh, sudo
domains = example.com
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
ssh_hash_known_hosts = True
[pac]
[ifp]
[secrets]
[session_recording]
[root@localhost pubconf]# grep '\[ssh' -A1 /etc/sssd/sssd.conf
[ssh]
ssh_hash_known_hosts = True
[root@localhost pubconf]# systemctl stop sssd.service
[root@localhost pubconf]# rm -f /var/lib/sss/pubconf/known_hosts
[root@localhost pubconf]# systemctl start sssd.service
[root@localhost pubconf]# ssh -l user1 server.example.com echo 'login successful'
Password:
Could not chdir to home directory /home/user1: No such file or directory
login successful
[root@localhost pubconf]# cat /var/lib/sss/pubconf/known_hosts
|1|B6Ucb3ix4rI1IG0pDLdeFQlTIbA=|A673GCvAYu8RqGQM2nd1LW9XgMg= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIplnECM2yS18pQMoMwc4t4ZVPt8Hamp0rWonAHD6+wf9zO2xzAUEufuyivlUhkrRfAfxDHE+qnM6Pm1PjvpZC0=
|1|QFut6zSDJrkc8MAWyz3ddhxfLHA=|Q1LWk5H4yRnv0BgV3AKH+Ztsa/A= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIplnECM2yS18pQMoMwc4t4ZVPt8Hamp0rWonAHD6+wf9zO2xzAUEufuyivlUhkrRfAfxDHE+qnM6Pm1PjvpZC0=
|1|W7mMiNVK06LtPp8d4+T6slEgNuI=|9ASTvwWh6w9bnKFdISixi2ELn58= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbcSMO8MXDcua6EZE00xaoZI9OJHgIdHKvPB8forZ2E
|1|JpzbpSk0L5Aj7mfTF4zrgAaExak=|sNEDgydl0ELgI/IoyDrtOKHRV3k= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbcSMO8MXDcua6EZE00xaoZI9OJHgIdHKvPB8forZ2E
|1|pJSmYmBqObc3GAXq2/KVpGUdEiQ=|osJYD0aO56395TD3u49HBCBdx/c= ssh-rsa
|1|CGb3Sa611HpSn6JkYJF7lEv15b8=|Bc6lJMSAa5SE/Q9IkQ0KZfCH0hM= ssh-rsa

#### ssh_hash_known_hosts = False ####

[root@localhost pubconf]# cat /etc/sssd/sssd.conf
[domain/example.com]
id_provider = ipa
ipa_server = _srv_, server.example.com
ipa_domain = example.com
ipa_hostname = client.example.com
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True
[sssd]
services = nss, pam, ssh, sudo
domains = example.com
[nss]
homedir_substring = /home
[pam]
[sudo]
[autofs]
[ssh]
ssh_hash_known_hosts = False
[pac]
[ifp]
[secrets]
[session_recording]
[root@localhost pubconf]# grep '\[ssh' -A1 /etc/sssd/sssd.conf
[ssh]
ssh_hash_known_hosts = False
[root@localhost pubconf]# systemctl stop sssd.service
[root@localhost pubconf]# rm -f /var/lib/sss/pubconf/known_hosts
[root@localhost pubconf]# systemctl start sssd.service
[root@localhost pubconf]# ssh -l user1 server.example.com echo 'login successful'
Password:
Could not chdir to home directory /home/user1: No such file or directory
login successful
[root@localhost pubconf]# cat /var/lib/sss/pubconf/known_hosts
server.example.com,server.example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIplnECM2yS18pQMoMwc4t4ZVPt8Hamp0rWonAHD6+wf9zO2xzAUEufuyivlUhkrRfAfxDHE+qnM6Pm1PjvpZC0=
server.example.com,server.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbcSMO8MXDcua6EZE00xaoZI9OJHgIdHKvPB8forZ2E
server.example.com,server.example.com ssh-rsa

Manual verification comment the tested package is available in nightly compose

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (sssd bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2070
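
The two known_hosts formats compared in this report, as an added example (not part of the bug report and not SSSD or OpenSSH code): a hashed host field is `|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`, so a name can be tested against an entry but not read back from it. The sample entries, salts and key blob below are constructed; plain-field matching covers exact names only, not OpenSSH patterns.

```python
import base64
import hashlib
import hmac

MAGIC = "|1|"  # OpenSSH marker for an HMAC-SHA1 hashed host field

def hash_host(host, salt):
    """Build the hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()

def field_matches(field, host):
    """True if a known_hosts host field names `host` (exact names only, no patterns)."""
    if not field.startswith(MAGIC):
        return host in field.split(",")
    try:
        salt_b64, digest_b64 = field[len(MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        want = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # malformed hashed field: treat as no match
        return False
    got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def audit(text, host):
    """Count hashed and plain entries, and entries that match `host`."""
    result = {"hashed": 0, "plain": 0, "matches": 0}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue
        result["hashed" if fields[0].startswith(MAGIC) else "plain"] += 1
        result["matches"] += field_matches(fields[0], host)
    return result

# Constructed sample: placeholder key blob, fixed salts so the run is repeatable.
KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedplaceholderkey"
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    hash_host("server.example.com", b"\x01" * 20) + " " + KEY,
    hash_host("other.example.com", b"\x02" * 20) + " " + KEY,
    "server.example.com,server.example.com " + KEY,
])

if __name__ == "__main__":
    print(audit(SAMPLE, "server.example.com"))
```

Tools that read the SSSD-managed file as text (inventory scripts, grep-based checks) see host names only in the plain format, which is the practical effect of the default change on upgrade to sssd-2.6.1-1.el8.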