Bug 1575264 - sssd 1.6.1-3 on fc27 and fc28 does not cache sss_ssh_knownhostproxy effectively
Keywords:
Status: CLOSED DUPLICATE of bug 1574778
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: 27
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Jakub Hrozek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-05-05 14:03 UTC by Martin Jackson
Modified: 2018-06-12 08:03 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-05-05 17:03:00 UTC
Type: Bug
Embargoed:


Description Martin Jackson 2018-05-05 14:03:14 UTC
Description of problem:
Using sssd 1.6.1-3 on fc27 and fc28, joined to a FreeIPA domain hosted on the ipa in CentOS 7 CR, the sss_ssh_knownhostproxy cache file is always empty and ssh prompts to accept host keys.

Version-Release number of selected component (if applicable):
1.6.1-3

How reproducible:
On both fc27 and fc28, seemingly always (I have three Fedora nodes I've tested with, 2 27 and 1 28, all on 1.16.1-3). Nodes running CentOS 7 IPA client still cache host keys as expected.

Steps to Reproduce:
1. Create a FreeIPA domain on an el7 host
2. Join a Fedora 27 or 28 node to the domain
3. SSH from the client to the domain controller - the host key should be cached

Actual results:
ssh prompts to accept the hostkey, complaining that the proxy didn't give an answer ('no hostip for proxy command')

Expected results:
The key is read from cache and login happens through GSSAPI

Additional info:

Comment 1 Lukas Slebodnik 2018-05-05 17:03:00 UTC

*** This bug has been marked as a duplicate of bug 1574778 ***

Comment 2 Lukas Slebodnik 2018-05-05 17:06:29 UTC
I'm so sorry for the regression.

I used to test sssd a little bit more when I was backporting many upstream patches to fedora dist-git.

I cannot have commit rights anymore, for an unknown reason; therefore the only way I can help you is to provide a link to a copr build with the fixed version:

https://copr.fedorainfracloud.org/coprs/lslebodn/sssd-test/

Comment 7 Lukas Slebodnik 2018-05-05 20:43:08 UTC
(In reply to Lukas Slebodnik from comment #2)
> the only way how can I help you is to provide link to copr build with
> fixed version
> 
> https://copr.fedorainfracloud.org/coprs/lslebodn/sssd-test/

And Fabiano was so kind that he did the same update also in fedora
https://bodhi.fedoraproject.org/updates/FEDORA-2018-29e4d12fa1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-900d2b7675
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7efba18539

Martin,
Could you test it and provide karma?

