Bug 2316063 - Connect in the VM by ssh command issue : KnownHostsCommand failed
Summary: Connect in the VM by ssh command issue : KnownHostsCommand failed
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 41
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Dmitry Belyavskiy
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-10-02 07:57 UTC by Sylvain Réault
Modified: 2024-10-02 13:21 UTC (History)
8 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2024-10-02 13:21:45 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FC-1302 0 None None None 2024-10-02 07:59:59 UTC

Description Sylvain Réault 2024-10-02 07:57:30 UTC 
Description of problem:

Connect in the VM 

Version-Release number of selected component (if applicable):
openssh.x86_64                       9.8p1-3.fc41.1

How reproducible:
All time

Steps to Reproduce:
1.Launch VM (used KVM/libvirt/QEMU VM) 
2.used the console and in the same host : ssh root.xx.xx
3.Check in another Host with Fedora 40 (see the "Expected results") with same commande the result it's ok

Actual results:
KnownHostsCommand-ORDER /usr/bin/sss_ssh_knownhosts 192.168.xx.xx failed, status 1
KnownHostsCommand failed

The connect is not possible.

Expected results:
another host :
ssh root.xx.xx
(root.xx.xx) Password: 
Last login: Wed Oct  2 09:46:45 2024 from 192.168.xx.1
...

Additional info:


Thanks in advance

Sylvain
Comment 1 Clemens Lang 2024-10-02 08:20:21 UTC 
It seems you have a KnownHostsCommand configured in your SSH configuration that fails for the given host. Remove it, or make sure it passes?
Comment 2 Sylvain Réault 2024-10-02 12:02:56 UTC 
Hello  Clemens,

Thanks, I have uninstall my ipa client. The access to my VM with ssh it's ok.

I check after reinstall my ipa client if it's same.

Sylvain
Comment 3 Sylvain Réault 2024-10-02 12:18:37 UTC 
After relaunch the ipa-client-install, the access to my VM with ssh command it's done :).

But my ipa client command it's very long...
Comment 4 Sylvain Réault 2024-10-02 12:44:31 UTC 
Ok We have an issue with my DNS ipv6 and my first ipa client reinstall is failed... After restart the uninstall and reinstall the ipa-client, the access to the VM with used the ssh command result the same error :

$ ssh roots.xx.xx
KnownHostsCommand-ORDER /usr/bin/sss_ssh_knownhosts 192.168.xx.xx failed, status 1
KnownHostsCommand failed

Same if the VM is not client in the IPA servers...

Sylvain
Comment 5 Sylvain Réault 2024-10-02 13:21:27 UTC 
Ok I have a KnowHostCommand in /etc/ssh/ssh_config.d/04-ipa.conf...

# IPA-related configuration changes to ssh_config
#
PubkeyAuthentication yes
#GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
#VerifyHostKeyDNS yes

# use sss_ssh_knownhosts if available
# assumes that if a user does not have shell (/sbin/nologin),
# this will return nonzero exit code and proxy command will be ignored
Match exec true
          KnownHostsCommand /usr/bin/sss_ssh_knownhosts %H

# assumes that if a user does not have shell (/sbin/nologin),
# this will return nonzero exit code and proxy command will be ignored
#Match exec true
#       ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h

It's very strange, I don't think to have ever modified this part...

Thanks for you'r support ;).

Best Regards

Sylvain
Note You need to log in before you can comment on or make changes to this bug.