#1949 SSH host keys are not removed from cache when host is deleted in IPA
Closed: Fixed None Opened 6 years ago by jcholast.

If a host is deleted in IPA, its host keys stay in SSSD's cache. This can lead to ssh refusing to connect to a host after reinstall, because its new host keys do not match those provided by SSSD.

Aren't the keys refreshed on a new connect?

Usually yes, but they are not when the host entry in LDAP is gone.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10.0

Fields changed

changelog: =>
patch: 0 => 1
status: new => assigned

Under review upstream but Honza is currently busy with other tasks. Moving to 1.10.1

milestone: SSSD 1.10.0 => SSSD 1.10.1

milestone: SSSD 1.10.1 => SSSD 1.10.0

Fields changed

resolution: => fixed
status: assigned => closed

Metadata Update from @jcholast:
- Issue assigned to jcholast
- Issue set to the milestone: SSSD 1.10.0

2 years ago
