sss_ssh_knownhostsproxy prevents connection to machine without reverse address

Solution Unverified

Issue

We have a setup where IDM clients are connecting to a host via SSH, and where it's difficult for us to set the reverse DNS entry for the host's IP address.

On the client, we use the "--configure-ssh" option when we run ipa-client-install. When we try to establish an SSH connection, it fails with the following messages:

OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 server2.example.com
debug1: permanently_drop_suid: 1003400015
debug1: identity file /home/jump-sc1/.ssh/identity type -1
debug1: identity file /home/jump-sc1/.ssh/id_rsa type 1
debug1: identity file /home/jump-sc1/.ssh/id_dsa type -1
Reverse lookup failed
ssh_exchange_identification: Connection closed by remote host

When we run the sss_ssh_knownhostsproxy command, it shows the same "Reverse lookup failed" error. When we remove the ProxyCommand option from /etc/ssh/ssh_config, the connection works.
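A preflight check for the condition described above, added here as an example (it is not Red Hat's or SSSD's code and does not reproduce the internals of sss_ssh_knownhostsproxy): it resolves each SSH target forward, then requires a PTR record for every resulting address, and reports the hosts that have none. The function names and the sample records (TEST-NET addresses, server1.example.com) are assumptions constructed for the example; only server2.example.com comes from the log above.

```python
import socket

# Constructed sample data (not from the page): TEST-NET-1 addresses.
SAMPLE_A = {"server1.example.com": ["192.0.2.10"],
            "server2.example.com": ["192.0.2.20"]}
SAMPLE_PTR = {"192.0.2.10": "server1.example.com"}  # no PTR for 192.0.2.20

def sample_getaddrinfo(host, port, family=0, type=0):
    """Offline stand-in for socket.getaddrinfo backed by SAMPLE_A."""
    if host not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, port))
            for a in SAMPLE_A[host]]

def sample_getnameinfo(sockaddr, flags):
    """Offline stand-in for socket.getnameinfo backed by SAMPLE_PTR."""
    if sockaddr[0] not in SAMPLE_PTR:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_PTR[sockaddr[0]], str(sockaddr[1])

def reverse_status(host, port=22, getaddrinfo=socket.getaddrinfo,
                   getnameinfo=socket.getnameinfo):
    """Return [(address, ptr_name or None)] for each address the host resolves to."""
    status = {}
    for *_, sockaddr in getaddrinfo(host, port, 0, socket.SOCK_STREAM):
        addr = sockaddr[0]
        if addr in status:
            continue
        try:
            # NI_NAMEREQD: fail when no PTR exists instead of echoing the address.
            status[addr] = getnameinfo(sockaddr, socket.NI_NAMEREQD)[0]
        except socket.gaierror:
            status[addr] = None
    return sorted(status.items())

def hosts_missing_ptr(hosts, **resolvers):
    """Map each host to its addresses without a PTR, or a forward-failure marker."""
    missing = {}
    for host in hosts:
        try:
            bad = [a for a, name in reverse_status(host, **resolvers) if name is None]
        except socket.gaierror:
            bad = ["forward lookup failed"]
        if bad:
            missing[host] = bad
    return missing

if __name__ == "__main__":
    fake = dict(getaddrinfo=sample_getaddrinfo, getnameinfo=sample_getnameinfo)
    print(hosts_missing_ptr(SAMPLE_A, **fake))
```

Called without the `getaddrinfo`/`getnameinfo` overrides, the functions use the system resolver, so the result reflects the same DNS view the client has.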

Environment

  • Red Hat Enterprise Linux 6
  • SSSD 1.8.X
