Hi Rob, Thanks for your email,
Yeah true FQDN is working without any issues.But is there any way to ssh via IP as well rather than hostname On Tue, 3 Oct 2023 at 2:22 AM, Rob Crittenden <[email protected]> wrote: > Pradeep KNS wrote: > > ssh [email protected] -v > > [snip] > > > SHA256:1BAWa9F52c6u26qe8T9ZQsin3lk+VTFeRYBDtkOzNMU > > debug1: load_hostkeys: fopen /home/kns/.ssh/known_hosts: No such file or > > directory > > debug1: load_hostkeys: fopen /home/kns/.ssh/known_hosts2: No such file > > or directory > > debug1: Host '10.40.1.201' is known and matches the ED25519 host key. > > debug1: Found key in /var/lib/sss/pubconf/known_hosts:2 > > The SSSD ssh integration was used to to validate that the host's SSH key > matched what was received so you avoided the "do you trust this host" > prompt. So that's good. > > > debug1: rekey out after 4294967296 blocks > > debug1: SSH2_MSG_NEWKEYS sent > > debug1: expecting SSH2_MSG_NEWKEYS > > debug1: SSH2_MSG_NEWKEYS received > > debug1: rekey in after 4294967296 blocks > > debug1: Will attempt key: /home/kns/.ssh/id_rsa > > debug1: Will attempt key: /home/kns/.ssh/id_dsa > > debug1: Will attempt key: /home/kns/.ssh/id_ecdsa > > debug1: Will attempt key: /home/kns/.ssh/id_ecdsa_sk > > debug1: Will attempt key: /home/kns/.ssh/id_ed25519 > > debug1: Will attempt key: /home/kns/.ssh/id_ed25519_sk > > debug1: Will attempt key: /home/kns/.ssh/id_xmss > > debug1: SSH2_MSG_EXT_INFO received > > debug1: kex_input_ext_info: > > server-sig-algs=<ssh-ed25519,[email protected] > > <mailto:[email protected] > >,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, > [email protected] > > <mailto:[email protected]>, > [email protected] > > <mailto:[email protected]>> > > debug1: SSH2_MSG_SERVICE_ACCEPT received > > debug1: Authentications that can continue: > > publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive > > debug1: Next authentication method: gssapi-with-mic > > *debug1: Unspecified GSS failure. Minor code may provide more > information > > Server host/[email protected] > > <mailto:[email protected]> not found in Kerberos database* > > IPA keys on hostnames, not IP addresses, hence this message. You need to > use a FQDN. AFAIK there is no workaround. > > > debug1: Authentications that can continue: > > publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive > > debug1: Next authentication method: publickey > > debug1: Trying private key: /home/kns/.ssh/id_rsa > > debug1: Trying private key: /home/kns/.ssh/id_dsa > > debug1: Trying private key: /home/kns/.ssh/id_ecdsa > > debug1: Trying private key: /home/kns/.ssh/id_ecdsa_sk > > debug1: Trying private key: /home/kns/.ssh/id_ed25519 > > debug1: Trying private key: /home/kns/.ssh/id_ed25519_sk > > debug1: Trying private key: /home/kns/.ssh/id_xmss > > debug1: Next authentication method: keyboard-interactive > > ([email protected] <mailto:[email protected]>) Password: > > It failed to do a Kerberos/GSSAPI auth so it fell back to password. > > rob > >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
