SSHFP records for a host are not updated after they are removed.
Consider a host which was re-kickstarted. The SSHFP records are not replaced.
There is also no (easy) process to re-upload these records from the host.
Why aren't they perhaps a managed entry from the host's ldap entry? Alternately, these could be uploaded by SSSD?
1. Enroll host and upload SSHFP records as an option.
2. Delete SSHFP records, and recreate SSH keys.
I think that the best outcome would be a simple way from the ipa admin command to recreate these, or for sssd to upload them / trigger the update.
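As an added example (not from this ticket and not FreeIPA's or SSSD's own code), a small Python check that recomputes the SSHFP records a host should publish from its current OpenSSH public keys and compares them with the records actually published, so stale records left behind by a re-kickstart show up; the key lines it builds are constructed for the demonstration, not real keys.

```python
"""Recompute SSHFP records from a host's current public keys and diff them
against published records, to catch records left stale by a re-kickstart."""
import base64
import hashlib

# SSHFP algorithm numbers (RFC 4255 / RFC 6594 / RFC 7479), by OpenSSH key type.
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
SHA256_FPTYPE = 2  # fingerprint type 2 = SHA-256 (the type ssh-keygen -r also emits)


def sshfp_from_pubkey(pubkey_line):
    """Return (algorithm, fptype, fingerprint_hex) for one OpenSSH public key line.
    The fingerprint is SHA-256 over the raw (base64-decoded) key blob."""
    key_type, blob = pubkey_line.split()[:2]
    digest = hashlib.sha256(base64.b64decode(blob)).hexdigest()
    return (SSHFP_ALGORITHMS[key_type], SHA256_FPTYPE, digest)


def audit_sshfp(pubkey_lines, published_records):
    """Classify published SSHFP (alg, fptype, hex) tuples against current keys:
    'stale' = published but matches no current key, 'missing' = current key with
    no record, 'current' = published and still valid. Hex case is normalised."""
    expected = {sshfp_from_pubkey(line) for line in pubkey_lines}
    published = {(alg, fptype, fp.lower()) for alg, fptype, fp in published_records}
    return {
        "current": expected & published,
        "stale": published - expected,
        "missing": expected - published,
    }


def _fake_openssh_key(key_type, raw_key):
    """Build a syntactically valid OpenSSH public key line from constructed bytes
    (demonstration only; not a usable key). Blob layout: len+type, len+key."""
    blob = (len(key_type).to_bytes(4, "big") + key_type.encode()
            + len(raw_key).to_bytes(4, "big") + raw_key)
    return f"{key_type} {base64.b64encode(blob).decode()} demo@host"
```

In practice the published tuples come from a `dig SSHFP <host>` lookup against the IPA DNS zone, and the key lines from the host's `/etc/ssh/ssh_host_*_key.pub` files.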
Please add new tickets to NEEDS TRIAGE milestone only so that they can be properly triaged.
Note that this is a duplicate of #2655. Please continue discussion there. The ticket is currently in Ticket Backlog milestone, which means we did not see it as a priority for current release. However, we encourage people to help us and contribute.
Metadata Update from @firstyear:
- Issue assigned to someone
- Issue set to the milestone: 0.0 NEEDS_TRIAGE