Fwd: KnownHostsCommand /usr/bin/sss_ssh_knownhosts %H breaks if host entry in ~/ssh/config exists specifying the IP
Alexander Bokovoy
ab at samba.org
Tue Oct 22 20:57:57 AEDT 2024
On Tue, 22 Oct 2024, Han Boetes wrote:
> This command fails
>
> % ssh tarzan
> KnownHostsCommand-ORDER /usr/bin/sss_ssh_knownhosts 10.10.11.14 failed,
> status 1
> KnownHostsCommand failed
>
> If there is an IP entry in ~/.ssh/config
>
> Host tarzan
> hostname 10.10.11.14
>
>
> So I created a wrapper:
>
> % cat /usr/bin/sss_ssh_knownhosts.wrapper
> #!/bin/sh
> /usr/bin/sss_ssh_knownhosts "$@" || true
>
> Which works around the problem and does make ssh check ~/ssh/knownhosts
> again.
>
> I don't know what is wisdom here. Is this an oversight, is there a more
> elegant solution?
sss_ssh_knownhosts is not provided by OpenSSH but is rather a part of SSSD.
There is https://github.com/SSSD/sssd/issues/7664 for that and we are
currently discussing a possible solution within the SSSD team.
--
/ Alexander Bokovoy