Bug 1575264 - sssd 1.6.1-3 on fc27 and fc28 does not cache sss_ssh_knownhostproxy effictively
Summary: sssd 1.6.1-3 on fc27 and fc28 does not cache sss_ssh_knownhostproxy effictively
Keywords:
Status: CLOSED DUPLICATE of bug 1574778
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: 27
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Jakub Hrozek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-05 14:03 UTC by Martin Jackson
Modified: 2018-06-12 08:03 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-05-05 17:03:00 UTC
Type: Bug


Attachments (Terms of Use)

Description Martin Jackson 2018-05-05 14:03:14 UTC
Description of problem:
Using sssd 1.6.1-3 on fc27 and fc28 and joined to a FreeIPA domain hosted on the ipa in CentOS 7 CR, sss_ssh_knownhostproxy cache file is always empty and ssh prompts to accept host keys

Version-Release number of selected component (if applicable):
1.6.1-3

How reproducible:
On both fc27 and fc28, seemingly always (I have three fedora nodes I've tested with, 2 27 and 1 28, all on 1.16.1-3).  Nodes running CentOS 7 IPA client still cache host keys as expected.

Steps to Reproduce:
1. Create a FreeIPA domain on an el7 host
2. Join a fedora 27 or 28 node to the domain
3. SSH from the client to the domain controller - the host key should be cached

Actual results:
ssh prompts to accept the hostkey, complaining that the proxy didn't give an answer ('no hostip for proxy command')

Expected results:
The key is read from cache and login happens through GSSAPI

Additional info:

Comment 1 Lukas Slebodnik 2018-05-05 17:03:00 UTC

*** This bug has been marked as a duplicate of bug 1574778 ***

Comment 2 Lukas Slebodnik 2018-05-05 17:06:29 UTC
I'm so sorry for the regression.

I used to test sssd a little bit more when I was backporting many upstream patches to fedora dist-git.

I cannot have commit rights anymore for unknown reason therefore the only way how can I help you is to provide link to copr build with fixed version

https://copr.fedorainfracloud.org/coprs/lslebodn/sssd-test/

Comment 7 Lukas Slebodnik 2018-05-05 20:43:08 UTC
(In reply to Lukas Slebodnik from comment #2)
> the only way how can I help you is to provide link to copr build with
> fixed version
> 
> https://copr.fedorainfracloud.org/coprs/lslebodn/sssd-test/

And Fabiano was so kind that he did the same update also in fedora
https://bodhi.fedoraproject.org/updates/FEDORA-2018-29e4d12fa1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-900d2b7675
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7efba18539

Martin,
Could you test it and provide karma?


Note You need to log in before you can comment on or make changes to this bug.