Red Hat Bugzilla – Bug 825313
sss_ssh_knownhostsproxy prevents connection to machine without reverse address
Last modified: 2012-05-25 12:13:09 EDT
Description of problem:
When I install IPA server with SSH support (and thus sss_ssh_knownhostsproxy is used as a ProxyCommand in ssh_config) , I cannot ssh to machine without a reverse address:
# host vm-050.idm.lab.bos.redhat.com
vm-050.idm.lab.bos.redhat.com has address 10.16.78.50
# host 10.16.78.50
Host 220.127.116.11.in-addr.arpa. not found: 3(NXDOMAIN)
# ssh -vv vm-050.idm.lab.bos.redhat.com
OpenSSH_5.9p1, OpenSSL 1.0.0j-fips 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 vm-050.idm.lab.bos.redhat.com
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: permanently_drop_suid: 0
Reverse lookup failed
ssh_exchange_identification: Connection closed by remote host
When the proxy command is commented, the connection to the same machine works.
This is too strict, we cannot require working reverse records for every machine we want to connect to.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install IPA server on a machine
2. On that machine, try to connect to other machine without a reverse record
Connection is rejected
Connection is accepted
I think this issue is present also in RHEL 6.3 Beta.
Sorry, wrong product.
*** Bug 825316 has been marked as a duplicate of this bug. ***
Bug 825316 is not a duplicate, I closed this Bug before it as it seemed to have wrong fields filled (like the owner).