Learn more about these different git repos.
Other Git URLs
The sss_ssh_* commands return non-zero on error but these values are not documented In fact, it is not documented that it would ever return a non-zero value.
I managed to somehow get sssd into a state where it couldn't communicate with the IPA backend. This caused connections from remote machines to error out. I saw this on my server secure log:
Mar 18 15:08:55 rawhide2 sshd: error: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys returned status 1
Sure enough, running this from a command-line returned the same error:
# sss_ssh_authorizedkeys admin
Error looking up public keys
# echo $?
I'm guessing it was a conscious choice to deny access on lookup failure to prevent a DoS against the key server. It would be nice to include this as well, if true.
Any error that would trigger a message to stderr might also trigger a sss_log() call, this would be more friendly to the admin than just "returned status 1".
owner: somebody => jcholast
milestone: NEEDS_TRIAGE => SSSD 1.10.0
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=928803
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=928803 928803]
patch: 0 => 1
status: new => assigned
resolution: => fixed
status: assigned => closed
This was actually fixed in the Beta.
milestone: SSSD 1.10.0 => SSSD 1.10 beta
Metadata Update from @rcritten:
- Issue assigned to jcholast
- Issue set to the milestone: SSSD 1.10 beta
to comment on this ticket.