SSSD is planning to deprecate the command sss_ssh_knownhostsproxy and replace it with sss_ssh_knownhosts (see ticket sssd #5518 and PR SSSD/7144).
sss_ssh_knownhostsproxy
sss_ssh_knownhosts
During the client installation, FreeIPA configures either /etc/ssh/ssh_config or /etc/ssh/ssh_config.d/04-ipa.conf (if SSH supports the Include directive) with the directive
/etc/ssh/ssh_config
/etc/ssh/ssh_config.d/04-ipa.conf
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
If the file /usr/bin/sss_ssh_knownhosts is present, it should be used instead of /usr/bin/sss_ssh_knownhostsproxy.
/usr/bin/sss_ssh_knownhosts
/usr/bin/sss_ssh_knownhostsproxy
Upgrade from older versions should also take care of this change.
JFYI: SSSD patch - https://github.com/SSSD/sssd/commit/953c6bee49123625e08e9ec35375d4f539a878da - was just merged, so will be available in next nightly build of sssd-2.10
Metadata Update from @ftrivino: - Issue assigned to ftrivino
Metadata Update from @ftrivino: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/7254
@ftrivino , what's the plan here?
SSSD plans to ship sssd-2.10 version in f-41 without sss_ssh_knownhostsproxy
Update: sorry missed https://github.com/freeipa/freeipa/pull/7254. So it seems to be on a good track.
master:
ipa-4-11:
Metadata Update from @antorres: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @ftrivino: - Custom field changelog adjusted to Deprecated sss_ssh_knownhostsproxy in favor of sss_ssh_knownhosts. With this update, if /usr/bin/sss_ssh_knownhosts is present, it will be used instead of /usr/bin/sss_ssh_knownhostsproxy. We implemented a mechanism to apply this change when upgrading from older versions, and downgrading from newer versions.
ipa-4-12:
Log in to comment on this ticket.