Tested on a fedora41 client member of an ipa domain.

When trying to establish an ssh connection to an ip address, the sss_ssh_knownhosts binary throws an error.

```
KnownHostsCommand-ORDER /usr/bin/sss_ssh_knownhosts 172.16.1.123 failed, status 1
KnownHostsCommand failed
```

If I manually edit the /etc/hosts to contain an fqdn entry for this ip, i.e.

```
172.16.1.123 myhost.somedomain.com myhost
```

the ssh connection succeeds. Using the ssh command to connect to any pc in the ipa domain works fine.

Reproducible: Always

Steps to Reproduce:
1. set up ipa domain
2. set up fedora41 ipa domain client
3. set up fedora system that is not an ipa domain client (and does not have a FQDN)
4. use the fedora41 ipa domain client to ssh to the ip of the non ipa-domain client
5. /usr/bin/sss_ssh_knownhosts will throw an error
6. on the ipa domain client add fqdn entry to the /etc/hosts for the non ipa-domain client
7. from the fedora41 client ssh into the /etc/hosts defined fqdn of the non ipa-domain client
8. ssh login will succeed

Actual Results:
failed to login with error:

```
KnownHostsCommand-ORDER /usr/bin/sss_ssh_knownhosts 172.16.1.123 failed, status 1
KnownHostsCommand failed
```

Expected Results:
normal ssh login to the system with the ip address

Hi, thank you for your report, this is a known issue, please see SSSD upstream ticket https://github.com/SSSD/sssd/issues/7664 and the fix at https://github.com/SSSD/sssd/pull/7670. bye, Sumit
Cool, hope that merge request gets approved soon. Rob
Pushed PR: https://github.com/SSSD/sssd/pull/7670

* `master`
    * 76682050022cba204ec5450f274a6e10a3726943 - SSH: sss_ssh_knownhosts must ignore DNS errors
* `sssd-2-10`
    * fe72979318b171e2ab4fd95890c806401afb5296 - SSH: sss_ssh_knownhosts must ignore DNS errors

Can we get some kind of "urgency" on this? It's kinda breaking not being able to ssh into hosts by IP...
https://src.fedoraproject.org/rpms/sssd/c/bf6e886cb3d80aa6575814e7b019384e805d4bff?branch=rawhide
https://src.fedoraproject.org/rpms/sssd/c/7f69cc4fb805b7ac1bc3de6cb95fe15ca8c15bf9?branch=f41
FEDORA-2024-bfd5344277 (sssd-2.10.0-2.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-bfd5344277
FEDORA-2024-bfd5344277 has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-bfd5344277` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-bfd5344277 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-bfd5344277 (sssd-2.10.0-2.fc41) has been pushed to the Fedora 41 stable repository. If the problem still persists, please make note of it in this bug report.