Ok, hopefully my last SSH key question.

I've been following the instructions here:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/host-keys.html#installing-host-keys

and here:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/openssh-sssd.html

I have my host's public key set, it shows up in the web UI, and I have these 
lines added to the end of the /etc/ssh/ssh_config file on the client machine 
(that is also a member of the IdM domain):

ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p -d LINUXTEST.LIBERTY.EDU %h
UserKnownHostsFile2 .ssh/sss_known_hosts

I have reloaded the SSH service on the client.  I go to connect from my client 
to my linuxtest server (which happens to be my IdM server), and I get this:

[karmstrong@linuxclient<mailto:karmstrong@linuxclient> ~]$ ssh 
karmstr...@linuxtest.liberty.edu<mailto:karmstr...@linuxtest.liberty.edu>
The authenticity of host 'linuxtest.liberty.edu (<no hostip for proxy 
command>)' can't be established.
RSA key fingerprint is ad:22:28:8d:91:81:3c:07:47:9d:5a:0d:09:33:18:e1.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.

The public key fingerprint matches what is set on the host's page in the IdM 
interface.

I do not have a known_hosts in the karmstrong .ssh directory.

I have also tried adding the FQDN, and FQDN,ip address into the SSH key on the 
IdM server through the Web UI, but I still get the bit about not finding an IP 
for the proxy command to use when it tries to authenticate the host.

I have also verified that there is a PTR record in DNS for the host itself, so 
I believe that it is not a name resolution error.

Am I missing something?

-Kenny
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to