On Thu, May 23, 2013 at 1:53 PM, Natxo Asenjo <natxo.ase...@gmail.com>wrote:
> after (long) troubleshooting I finally pinpointed an annoying problem.
> Centos offers freenx (the free version of nomachine, so not a Red Hat
> problem) that allows multiple sessions and not just only 2 users like the
> free nochine version. This is very nice.
> After the upgrade to version 6.4, the ssh client config file
> /etc/ssh/ssh_config, is changed. This change breaks freenx completely:
> The new ssh_config file *after* joining the ipa domain adds this:
> # diff ssh_config.nxworks ssh_config.ipa
> > GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
> > PubkeyAuthentication yes
> > ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
> if we remove those settings, freenx works again.
> I repeat: this has nothing to do with Red Hat, this is not their problem.
> I do not know what the implications are for this action, I suspect it will
> break the known_hosts functionality. We do not manage that with ipa, so
> that is not an issue for us (we use cfengine for that).
> If anyone else has had this problem, there you have a workaround.
> Freeipa-users mailing list
Indeed, this is an annoying problem.
We have been also impacted and there is a bugzilla for that:
Basically, you can let the Proxy command untouched in ssh_config and
script so it does overides that option.
Anyway, it was indeed not easy to find.
Freeipa-users mailing list