Hi,
I have decided to install FreeIPA on my already fully working, small home network.
After I installed the FreeIPA client on one of the workstations, that client was immediately
unable to ssh anywhere (not even to its own host).
Initially I created a bug report (with logs) here:
https://pagure.io/freeipa/issue/7869.
While googling around I found that somebody had a similar issue here in 2016:
https://www.redhat.com/archives/freeipa-users/2016-January/msg00277.html
Disabling ProxyCommand DID "fix" my issue and I can ssh without issues,
but afaik "proxy is needed for SSSD SSH integration (public keys and
fingerprints)", therefore it does not sound like a solution.
$ ssh 10.0.3.30 -vvvvvvvvv
.....
enssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug1: ssh_exchange_identification: penssh.com,hmac-sha2-512
ssh_exchange_identification: Connection closed by remote host
$ cat sssd_ssh.log
[sssd[ssh]] [sysdb_update_ssh_known_host_expire] (0x0400): Updating known_hosts expire time of host ipaserver.home.mydomain.com
[sssd[ssh]] [sysdb_merge_res_ts_attrs] (0x2000): TS cache doesn't handle this DN type, skipping
[sssd[ssh]] [sysdb_search_ssh_hosts] (0x0400): No such host
[sssd[ssh]] [sss_domain_get_state] (0x1000): Domain home.mydomain.com is Active
[sssd[ssh]] [sysdb_merge_res_ts_attrs] (0x2000): TS cache doesn't handle this DN type, skipping
[sssd[ssh]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/pubconf/.known_hosts.5fwN98]
[sssd[ssh]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/pubconf/.known_hosts.5fwN98]
[sssd[ssh]] [client_idle_handler] (0x2000): Terminating idle client [0x55cb9d414d30][23]
[sssd[ssh]] [client_close_fn] (0x2000): Terminated client [0x55cb9d414d30][23]
- sssd and sshd services are active and running without any visible errors.
- sss is present in /etc/nsswitch.conf here:
passwd: sss files systemd
group: sss files systemd
netgroup: sss files
automount: sss files
services: sss files
sudoers: files sss
but not here (and I have no idea whether it should be):
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
I am attaching more detailed logs here:
http://freetexthost.com/qdhopxig65
Thanks for your help!
Cheers!