Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-59266

Pagure #9649: Also enable SSSD's ssh service when enabling sss_ssh_knownhosts

XMLWordPrintable

    • ipa-4.12.2-2.el10
    • No
    • Moderate
    • 2
    • rhel-sst-idm-ipa
    • ssg_idm
    • 6
    • 7
    • 2
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • No
    • 2024-Q3-Alpha-S6, 2024-Q4-Alpha-S1
    • Unspecified Release Note Type - Unknown
    • None 

      Cloned from: https://pagure.io/freeipa/issue/9649

### Request for enhancement
As a SSSD developer, I want `ipa-client-install` to enable SSSD's ssh service when enabling the use of `sss_ssh_knownhosts` so that this tool works properly.

### Issue
If the ssh service is not enabled, the tool will fail to retrieve the keys and abort the ssh connection.

#### Steps to Reproduce
1. Disable ssh in SSSD.
2. Run `ipa-client-install` to enable `sss_ssh_knownhosts`

#### Actual behavior
`ssh localhost` fails.

#### Expected behavior
ssh should succeed.

#### Version/Release/Distribution
ipa-client-4.12.1-4.el10.x86_64

#### Additional info:
For this you need to update the `/etc/sssd/sssd.conf` file and modify the `services` option in the `[sssd]` section, to include the value `ssh`. This is a list of comma-separated values.

```
[sssd]
domains = EXAMPLE.TEST
services = nss, ssh, pam, sudo, ifp
```

              frenaud@redhat.com Florence Renaud
              frenaud@redhat.com Florence Renaud
              Florence Renaud Florence Renaud
              Sudhir Menon Sudhir Menon
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: