On to, 06 syys 2018, Ranbir via FreeIPA-users wrote:
On Thu, 2018-09-06 at 19:04 +0300, Alexander Bokovoy via FreeIPA-users wrote:Do you have GSSAPIDelegateCredentials yes on all your servers in /etc/ssh/ssh_config?Ah crap, I didn't explain it fully: from some servers, GSSAPI delegation only works when I use the FQDN for the server I'm trying to ssh to. On others, I can use just the hostname for the next leg (i.e. short name). Hmm...maybe there's a configuration parameter set on some that I overlooked.
By default FreeIPA deals with fully qualified host names. Unless you added non-FQDN names as aliases to your host records in IPA (I suspect you don't), doing non-FQDN ssh access will not work if they aren't resolved by the ssh client to FQDN ones like others in the thread pointed out. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
