Han Boetes
2024-Oct-22 09:09 UTC
Fwd: KnownHostsCommand /usr/bin/sss_ssh_knownhosts %H breaks if host entry in ~/ssh/config exists specifying the IP
This command fails

% ssh tarzan
KnownHostsCommand-ORDER /usr/bin/sss_ssh_knownhosts 10.10.11.14 failed, status 1
KnownHostsCommand failed

If there is an IP entry in ~/.ssh/config

Host tarzan
hostname 10.10.11.14

So I created a wrapper:

% cat /usr/bin/sss_ssh_knownhosts.wrapper
#!/bin/sh
/usr/bin/sss_ssh_knownhosts "$@" || true

Which works around the problem and does make ssh check ~/ssh/knownhosts again.

I don't know what is wisdom here. Is this an oversight, is there a more elegant solution?

Best regards
Han
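A narrower variant of the wrapper in the message above, added here as an example and not written by anyone in this thread: it ignores a helper failure only when the name being looked up is an IP literal (the case reported), and otherwise passes the failure through so that ssh still aborts. HELPER, is_ip_literal and knownhosts_lookup are names assumed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. HELPER and the function names are
# assumptions; the default helper path is the one quoted in the message.
HELPER="${HELPER:-/usr/bin/sss_ssh_knownhosts}"

# Return 0 if $1 looks like an IPv4 or IPv6 literal, 1 otherwise.
is_ip_literal() {
    case "$1" in
        ''|*[!.:0-9A-Fa-f]*) return 1 ;;  # empty, or has non-address characters
        *:*) return 0 ;;                  # hex digits and colons: IPv6
        *[!.0-9]*) return 1 ;;            # hex letters without a colon: a name
        *.*.*.*) return 0 ;;              # dotted digits: IPv4
        *) return 1 ;;
    esac
}

# Look up host keys for $1. Keys are printed only if the helper succeeded.
# A helper failure is tolerated (exit 0, no keys) only for IP literals, so
# ssh goes on to its known_hosts files; for host names the helper's exit
# status is returned unchanged and ssh reports the failure.
knownhosts_lookup() {
    name=$1
    if keys=$("$HELPER" "$name"); then status=0; else status=$?; fi
    if [ "$status" -eq 0 ]; then
        [ -z "$keys" ] || printf '%s\n' "$keys"
        return 0
    fi
    if is_ip_literal "$name"; then
        # Leave a trace on stderr instead of hiding the failure completely.
        echo "knownhosts wrapper: helper exit $status for address $name, ignored" >&2
        return 0
    fi
    return "$status"
}

# When installed as the KnownHostsCommand target, ssh passes the name as $1.
[ "$#" -eq 0 ] || knownhosts_lookup "$@"
```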
Darren Tucker
2024-Oct-22 09:42 UTC
KnownHostsCommand /usr/bin/sss_ssh_knownhosts %H breaks if host entry in ~/ssh/config exists specifying the IP
On Tue, 22 Oct 2024 at 20:14, Han Boetes <hboetes at gmail.com> wrote:
> This command fails
> % ssh tarzan
> KnownHostsCommand-ORDER /usr/bin/sss_ssh_knownhosts 10.10.11.14 failed,
> status 1

I hadn't heard of sss_ssh_knownhosts but it's not part of OpenSSH. It seems to be part of SSSD:
https://github.com/SSSD/sssd/blob/master/src/sss_client/ssh/sss_ssh_knownhosts.c
so they are likely who you need to ask about it not working under some conditions.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Alexander Bokovoy
2024-Oct-22 09:57 UTC
Fwd: KnownHostsCommand /usr/bin/sss_ssh_knownhosts %H breaks if host entry in ~/ssh/config exists specifying the IP
On Tue, 22 Oct 2024, Han Boetes wrote:
> This command fails
>
> % ssh tarzan
> KnownHostsCommand-ORDER /usr/bin/sss_ssh_knownhosts 10.10.11.14 failed,
> status 1
> KnownHostsCommand failed
>
> If there is an IP entry in ~/.ssh/config
>
> Host tarzan
> hostname 10.10.11.14
>
>
> So I created a wrapper:
>
> % cat /usr/bin/sss_ssh_knownhosts.wrapper
> #!/bin/sh
> /usr/bin/sss_ssh_knownhosts "$@" || true
>
> Which works around the problem and does make ssh check ~/ssh/knownhosts
> again.
>
> I don't know what is wisdom here. Is this an oversight, is there a more
> elegant solution?

sss_ssh_knownhosts is not provided by OpenSSH but rather a part of SSSD.

There is https://github.com/SSSD/sssd/issues/7664 for that and we are currently discussing a possible solution within the SSSD team.

-- 
/ Alexander Bokovoy