#3733 sssd fails to download known_hosts from freeipa

Created 20 days ago by fidencio
Modified 2 days ago

This bug is an upstream version of https://bugzilla.redhat.com/show_bug.cgi?id=1574778

Description of problem:
After upgrading to sssd 1.16.1-3.fc27 and its dependencies, file /var/lib/sss/pubconf/known_hosts is empty. The fc27 hosts are joined to a freeipa 4.5.0 domain.

Version-Release number of selected component (if applicable):
sssd-1.16.1-3.fc27.x86_64

How reproducible:
Happens every time sssd is updated to version 1.16.1-3

Steps to Reproduce:
1. Upgrade to sssd-1.16.1-3.fc27.x86_64 and associated packages
2. Try to ssh to another ipa-joined host that has an SSH host key trusted in ipa

Actual results:
Running "ssh hostname2.ipa.example.com" prompts the user to accept a new SSH host key.

Expected results:
No prompt about trusting the host ssh key should appear, because the host key is trusted in ipa already.

Additional info:
Running "dnf downgrade sssd" resumes the normal behavior of receiving the known_hosts from the freeipa domain.

The patch that introduced the issue is: https://github.com/SSSD/sssd/commit/cd4590de2a84b8143a6c75b5198f5e1b3c0a6d63

I'm assigning this issue to @pbrezina as he agreed to take a look at it.

The rhbz will most likely be closed as a Fedora build has been provided removing the problematic patch from there.

20 days ago

Metadata Update from @fidencio:
- Issue assigned to pbrezina
- Issue tagged with: regression

20 days ago

Metadata Update from @fidencio:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1574778

2 days ago

Metadata Update from @jhrozek:
- Issue priority set to: blocker (was: minor)
- Issue set to the milestone: SSSD 1.16.2
