Description of problem: Using sssd 1.6.1-3 on fc27 and fc28 and joined to a FreeIPA domain hosted on the ipa in CentOS 7 CR, sss_ssh_knownhostproxy cache file is always empty and ssh prompts to accept host keys Version-Release number of selected component (if applicable): 1.6.1-3 How reproducible: On both fc27 and fc28, seemingly always (I have three fedora nodes I've tested with, 2 27 and 1 28, all on 1.16.1-3). Nodes running CentOS 7 IPA client still cache host keys as expected. Steps to Reproduce: 1. Create a FreeIPA domain on an el7 host 2. Join a fedora 27 or 28 node to the domain 3. SSH from the client to the domain controller - the host key should be cached Actual results: ssh prompts to accept the hostkey, complaining that the proxy didn't give an answer ('no hostip for proxy command') Expected results: The key is read from cache and login happens through GSSAPI Additional info:
*** This bug has been marked as a duplicate of bug 1574778 ***
I'm so sorry for the regression. I used to test sssd a little bit more when I was backporting many upstream patches to fedora dist-git. I cannot have commit rights anymore for unknown reason therefore the only way how can I help you is to provide link to copr build with fixed version https://copr.fedorainfracloud.org/coprs/lslebodn/sssd-test/
(In reply to Lukas Slebodnik from comment #2) > the only way how can I help you is to provide link to copr build with > fixed version > > https://copr.fedorainfracloud.org/coprs/lslebodn/sssd-test/ And Fabiano was so kind that he did the same update also in fedora https://bodhi.fedoraproject.org/updates/FEDORA-2018-29e4d12fa1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-900d2b7675 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7efba18539 Martin, Could you test it and provide karma?