Hi Jakub, On 02/19/2016 04:04 PM, Jakub Hrozek wrote: > On Fri, Feb 19, 2016 at 03:27:50PM +0100, Harald Dunkel wrote: >> Hi Lukas, >> >> I found an ubuntu manpage saying sss_ssh_knownhostsproxy is >> an experimental feature. >> Would you suggest to drop it >> in ipa-client-install? > > It's not experimental (at least upstream) for several years.. What sssd > version is that? >
Just google for sss_ssh_knownhostsproxy; its top of the list: http://manpages.ubuntu.com/manpages/precise/man1/sss_ssh_knownhostsproxy.1.html AFAIK ubuntu uses freeipa 4.1.5 and sssd 1.13.3. Maybe they did not update their man page on the web. I am using sssd 1.13.3 on Debian 8. The local man page does not say "experimental". >> >> IMHO this is a pretty annoying bug. I rely upon a port >> redirection for ssh on IPv4. For IPv6 there is no >> redirection, but the port is blocked in the packet filter. > > Would it help to set lookup_family_order to ipv4_only here so that ipv6 > is not even tried (or the other way around, depending on which AF you > want to try..) > Thats exactly what I was trying to achieve with the "-4". Sorry, but setting it globally conflicts with our efforts to propagate IPv6. I can still manually lookup the IPv4 address as a workaround. Regards Harri -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
