Dne 18.11.2014 v 23:53 Jakub Hrozek napsal(a):

On 18 Nov 2014, at 23:12, Dmitri Pal <d...@redhat.com> wrote:

On 11/18/2014 01:07 AM, Christoph Kaminski wrote:

I can reach each host here via ssh on multiple domains:

host mydom.net

sss_ssh_knownhostproxy does work only on the domain which I have use to register to ipa (mgmt), 
on the other domains I get ever "The authenticity of host 'host.mydom.int (<no hostip 
for proxy command>)' can't be established."... why?

Because it does not know that the hostnames refer to the same host.

Do you have a reverse DNS record set up for the host? Does it point to the same hostname that you used to register the host in IPA?

And other hosts in those domains are not registered?
May be you should try to add a host entry and SSH digest to IPA even if they 
are not enrolled?

This would work too.

Maybe Honza would have some tips for debugging...

See pages 13-16 of <http://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf>.


Jan Cholasta

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to