If ssh uses sss_ssh_knownhostsproxy, it cannot establish a connection to a hostname if an address is unreachable.
/etc/ssh/ssh_config
GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
It seems that sss_ssh_knownhostsproxy tries only one IP address of a host. If the host is unreachable via this address, ssh fails to connect. If ssh is used without sss_ssh_knownhostsproxy, it is able to establish the connection successfully.
[vm-024: ~]$ ssh -vvv fedorapeople.org
OpenSSH_5.9p1, OpenSSL 1.0.0j-fips 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 50: Deprecated option "GlobalKnownHostsFile2"
debug1: /etc/ssh/ssh_config line 53: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 fedorapeople.org
debug1: permanently_drop_suid: 529
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/pbrezina/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/pbrezina/.ssh/id_rsa type 1
debug1: identity file /home/pbrezina/.ssh/id_rsa-cert type -1
debug1: identity file /home/pbrezina/.ssh/id_dsa type -1
debug1: identity file /home/pbrezina/.ssh/id_dsa-cert type -1
[vm-024: ~]$ /usr/bin/sss_ssh_knownhostsproxy -p 22 fedorapeople.org --debug 10
(Thu Aug 23 08:12:27:146532 2012) [/usr/bin/sss_ssh_knownhostsproxy] [main] (0x0040): sss_ssh_get_ent() failed (111): Connection refused
(Thu Aug 23 08:12:27:147323 2012) [/usr/bin/sss_ssh_knownhostsproxy] [connect_socket] (0x0040): connect() failed (101): Network is unreachable
[vm-024: ~]$ host fedorapeople.org
fedorapeople.org has address 152.19.134.191
fedorapeople.org has IPv6 address 2610:28:3090:3001:5054:ff:fedb:7f5a
[vm-024: ~]$ ssh 152.19.134.191
(works)
[vm-024: ~]$ ssh 2610:28:3090:3001:5054:ff:fedb:7f5a
ssh: connect to host 2610:28:3090:3001:5054:ff:fedb:7f5a port 22: Network is unreachable
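The behaviour this report asks for, as an added example that is not SSSD's code nor the fix that was later committed: walk every address `getaddrinfo()` returns and fall back to the next one when a connect attempt fails. The function names `connect_first_reachable` and `connect_host` are hypothetical.

```c
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Try each address in turn; return a connected fd, or -1 with errno set
 * by the last failed attempt. *tried counts the addresses attempted. */
int connect_first_reachable(const struct addrinfo *list, int *tried)
{
    int last_errno = EHOSTUNREACH;
    *tried = 0;
    for (const struct addrinfo *ai = list; ai != NULL; ai = ai->ai_next) {
        int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        (*tried)++;
        if (fd != -1 && connect(fd, ai->ai_addr, ai->ai_addrlen) == 0)
            return fd;
        last_errno = errno;   /* e.g. ENETUNREACH, ECONNREFUSED */
        if (fd != -1) close(fd);
    }
    errno = last_errno;
    return -1;
}

/* Resolve host for both address families and connect to the first one that works. */
int connect_host(const char *host, const char *port)
{
    struct addrinfo hints = {0}, *res = NULL;
    int tried, fd, rc;
    hints.ai_family = AF_UNSPEC;     /* ask for both A and AAAA results */
    hints.ai_socktype = SOCK_STREAM;
    rc = getaddrinfo(host, port, &hints, &res);
    if (rc != 0) {
        fprintf(stderr, "%s: %s\n", host, gai_strerror(rc));
        return -1;
    }
    fd = connect_first_reachable(res, &tried);
    if (fd == -1)
        fprintf(stderr, "%s: all %d addresses failed, last error: %s\n", host, tried, strerror(errno));
    freeaddrinfo(res);
    return fd;
}

int main(int argc, char **argv)
{
    return (argc == 3 && connect_host(argv[1], argv[2]) != -1) ? 0 : 1;
}
```

Reporting the failure only after every address has been tried also gives the explicit error message requested later in this ticket.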
Fields changed
milestone: NEEDS_TRIAGE => SSSD Deferred
rhbz: => todo
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1063278 (Fedora)
rhbz: todo => [https://bugzilla.redhat.com/show_bug.cgi?id=1063278 1063278]
Can we bump this one in priority? With the increased adoption of IPv6, I now see this quite often. We have public DNS servers returning AAAA records, but then IPv6 gets blocked by the network, and services fail.
If you're seeing issues then we should move the ticket out of deferred, but I don't think it's realistic to squeeze it into 1.14 (unless patches are provided :-)), therefore I would propose 1.15.
milestone: SSSD Deferred => NEEDS_TRIAGE
This should be a 1.14 stretch goal, but we're not sure we will have the capacity to fix the bug in 1.14.0
milestone: NEEDS_TRIAGE => SSSD 1.14 backlog
Any updates on this? Could you at least add a decent error message.
Replying to [comment:6 jimmyhedman]:
> Any updates on this? Could you at least add a decent error message.
There is a candidate fix in the bugzilla linked to this message, but not all reports were positive. It would be nice if you could test the patch linked to that bugzilla.
Since the 1.14 branch is transitioning into maintenance mode and new functionality is being developed in master which will become 1.15 eventually, I'm mass-moving tickets from the 1.14 backlog milestone to the "Future releases" milestone.
milestone: SSSD 1.14 backlog => SSSD Future releases (no date set yet)
Metadata Update from @pbrezina: - Issue set to the milestone: SSSD Future releases (no date set yet)
So apparently #3366 is a duplicate of this, and it is worrying to see that we do not have a target release to fix this ticket. Is there a documented workaround?
master:
sssd-1-14:
sssd-1-13:
Metadata Update from @lslebodn: - Issue close_status updated to: Fixed - Issue set to the milestone: SSSD 1.15.3 (was: SSSD Future releases (no date set yet)) - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to GitHub. This means that new issues and pull requests will be accepted only in SSSD's GitHub repository.
This issue has been cloned to GitHub and is available here: - https://github.com/SSSD/sssd/issues/2540
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.