#1843 Add exit value section to sss_ssh_* man pages
Closed: Fixed None Opened 7 years ago by rcritten.

The sss_ssh_* commands return non-zero on error, but these values are not documented. In fact, it is not documented that it would ever return a non-zero value.

I managed to somehow get sssd into a state where it couldn't communicate with the IPA backend. This caused connections from remote machines to error out. I saw this on my server secure log:

```
Mar 18 15:08:55 rawhide2 sshd[19335]: error: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys returned status 1
```

Sure enough, running this from a command-line returned the same error:

```
# sss_ssh_authorizedkeys admin
Error looking up public keys
# echo $?
1
```

I'm guessing it was a conscious choice to deny access on lookup failure to prevent a DoS against the key server. It would be nice to include this as well, if true.

sssd-1.9.3-1.fc18.x86_64
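
As an added example (not part of the ticket and not SSSD code), this Python scan pulls the `returned status` entries shown above out of a secure log and groups them by host, command and exit status, so a failing key lookup shows up as a count and a time range. The sample log is constructed from the line quoted above, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample: the first line is the entry quoted in the ticket, the rest are made up.
SAMPLE_LOG = """\
Mar 18 15:08:55 rawhide2 sshd[19335]: error: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys returned status 1
Mar 18 15:08:57 rawhide2 sshd[19335]: Connection closed by 192.0.2.10 [preauth]
Mar 18 15:09:40 rawhide2 sshd[19402]: error: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys returned status 1
Mar 18 15:10:02 rawhide2 sshd[19410]: Connection closed by 192.0.2.10 [preauth]
"""

# Matches only the sshd message format shown in the ticket.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[(?P<pid>\d+)\]:\s"
    r"error: AuthorizedKeysCommand (?P<cmd>\S+) returned status (?P<status>\d+)\s*$"
)


def find_key_lookup_failures(log_text):
    """Group non-zero AuthorizedKeysCommand exits by (host, command, status)."""
    groups = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["status"]) == 0:
            continue
        key = (m["host"], m["cmd"], int(m["status"]))
        g = groups.setdefault(key, {"count": 0, "first": m["ts"], "pids": []})
        g["count"] += 1
        g["last"] = m["ts"]          # lines are assumed to be in time order
        if m["pid"] not in g["pids"]:
            g["pids"].append(m["pid"])
    return groups


def report(groups):
    """One summary line per (host, command, status) group."""
    return [
        f"{host}: {cmd} exited {status} x{g['count']} ({g['first']} .. {g['last']})"
        for (host, cmd, status), g in groups.items()
    ]


if __name__ == "__main__":
    for summary in report(find_key_lookup_failures(SAMPLE_LOG)):
        print(summary)
```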


Any error that would trigger a message to stderr might also trigger a sss_log() call; this would be more friendly to the admin than just "returned status 1".

Fields changed

owner: somebody => jcholast

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10.0

Fields changed

patch: 0 => 1
status: new => assigned

resolution: => fixed
status: assigned => closed

This was actually fixed in the Beta.

milestone: SSSD 1.10.0 => SSSD 1.10 beta

Metadata Update from @rcritten:
- Issue assigned to jcholast
- Issue set to the milestone: SSSD 1.10 beta

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2885

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
