This may need to be passed upstream to the SSH maintainers or openssh folks, but: (CentOS 6.4, ipa-client 3.0.0-26, openssh-5.3p1-84.1)

IPA (sssd) when installed is to modify the /etc/ssh/ssh_config file, by adding (at least) a line:

    GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts

Default behavior of SSH when that isn't present is to check both /etc/ssh/ssh_known_hosts2 & /etc/ssh/ssh_known_hosts for keys. This is documented in the ssh_config man page.

However, when the line is present with the sssd change, the OS only checks for /etc/ssh/ssh_known_hosts2, plus the file in /var/lib/sss.

It still checks for both $HOME/.ssh/known_hosts & $HOME/.ssh/known_hosts, either way. (That's controlled by a different option.)

Should IPA / SSSD be adding back in the default value, until such time as it's fixed in the upstream?

Matthew Barr
Technical Architect
E: mb...@snap-interactive.com
AIM: matthewbarr1
c: (646) 727-0535

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
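
An added example, not part of the original post or of IPA/SSSD: a small audit that reads ssh_config text and reports whether a GlobalKnownHostsFile override has dropped /etc/ssh/ssh_known_hosts from the host-key lookup, as the post describes. The function names and sample configs are constructed; listing two paths on one directive assumes an OpenSSH client that accepts multiple files there, which may not hold for the 5.3p1 build in the post.

```python
import re
import shlex

DEFAULT_GLOBAL = "/etc/ssh/ssh_known_hosts"  # default file named in the post
# ssh_config accepts both "Keyword value" and "Keyword=value"
DIRECTIVE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def global_known_hosts(config_text):
    """Paths of the first GlobalKnownHostsFile that applies to every host
    (top of file, 'Host *' or 'Match all'); None if the option is unset."""
    applies = True  # directives before any Host/Match line apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        key, args = m.group(1).lower(), shlex.split(m.group(2))
        if key == "host":
            applies = "*" in args
        elif key == "match":
            applies = [a.lower() for a in args] == ["all"]
        elif key == "globalknownhostsfile" and applies:
            return args  # ssh keeps the first value it obtains
    return None

def drops_default(config_text):
    """True when an override is present and omits the default global file."""
    paths = global_known_hosts(config_text)
    return paths is not None and DEFAULT_GLOBAL not in paths

# Constructed sample configs (not taken from a real host)
SSSD_STYLE = """\
# line described in the post
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
Host *
    ForwardAgent no
"""
WITH_DEFAULT = """\
Host *
    GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts /etc/ssh/ssh_known_hosts
"""
STOCK = "Host *\n    ForwardAgent no\n"

if __name__ == "__main__":
    for name, text in [("sssd-style", SSSD_STYLE),
                       ("with-default", WITH_DEFAULT), ("stock", STOCK)]:
        print(name, global_known_hosts(text), "drops default:", drops_default(text))
```

Only directives that apply to all hosts are considered; an override inside a host-specific block is ignored by this check.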