#2358 [PATCH] sss_cache flush ssh host keys.
Closed: Fixed None Opened 6 years ago by firstyear.

When you rebuild a host in a freeipa environment, the SSH key is regenerated and reuploaded to freeipa. However, this is cached in sssd on a workstation and is placed into known_hosts. It essentially means you are locked out of any host that you have rebuilt or rolled the ssh key on.

This patch (discussed on the mailing list) corrects this behaviour, and allows an ssh host key to be expired and not inserted into the known hosts.


Thank you for the reminder, I pinged Honza to continue reviewing the latest version of sssd-devel. It's also fine to ping us on the mailing list in case the reply stalls (which might happen sometimes, sorry..)

I'm putting this ticket to 1.12.1 for now, I think that's when the work can land just fine. If the patch is not ready by then, we just push the patch further.

milestone: NEEDS_TRIAGE => SSSD 1.12.1

Fields changed

design: => N/A none needed, patch is available

Fields changed

rhbz: => todo

resolution: => fixed
status: new => closed

Metadata Update from @firstyear:
- Issue set to the milestone: SSSD 1.12.1

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3400

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
