On 17.7.2013 16:22, Armstrong, Kenneth Lawrence wrote:
Ok, hopefully my last SSH key question.
I've been following the instructions here:
I have my host's public key set, it shows up in the web UI, and I have
these lines added to the end of the /etc/ssh/ssh_config file on the
client machine (that is also a member of the IdM domain):
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p -d
I have reloaded the SSH service on the client. I go to connect from my
client to my linuxtest server (which happens to be my IdM server), and I
[karmstrong@linuxclient <mailto:karmstrong@linuxclient> ~]$ ssh
The authenticity of host 'linuxtest.liberty.edu (<no hostip for proxy
command>)' can't be established.
RSA key fingerprint is ad:22:28:8d:91:81:3c:07:47:9d:5a:0d:09:33:18:e1.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
The public key fingerprint matches what is set on the host's page in the
I do not have a known_hosts in the karmstrong .ssh directory.
I have also tried adding the FQDN, and FQDN,ip address into the SSH key
on the IdM server through the Web UI, but I still get the bit about not
finding an IP for the proxy command to use when it tries to authenticate
I have also verified that there is a PTR record in DNS for the host
itself, so I believe that it is not a name resolution error.
Am I missing something?
No. The documentation is wrong for some reason. This is what you should
have in ssh_config:
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
Freeipa-users mailing list