openssh 8.5 will support KnownHostsCommand #5518

Closed
Jakuje opened this issue Feb 22, 2021 · 3 comments

Jakuje commented Feb 22, 2021

sssd has for quite some time had sss_ssh_knownhostsproxy, used to collect known hosts for proxy. There were issues with it, but it worked. During a reread of upstream commits, I noticed the new configuration option KnownHostsCommand, which has not yet landed in a released openssh but might be a great alternative for the future:

openssh/openssh-portable@da4bf0d

Indeed, the old one will have to stay for some time for backward compatibility, but trying to migrate to the new one would make handling of known hosts more straightforward.

Jakuje commented Apr 21, 2021

For the record, this was released in OpenSSH 8.5 a couple of months back.

@alexey-tikhonov
Member

JFTR, at the time of writing:

  • all supported Fedora are on openssh-8.7+
  • RHEL8: 8.0
  • RHEL9: 8.7

aplopez added a commit to aplopez/sssd that referenced this issue Jan 22, 2024
This option is supported by delivering the tool sss_ssh_knownhosts
which is a symbolic link to existing sss_ssh_authorized_key.
This last tool was modified to change its behavior based on its name.
It keeps its original behavior with the original name and displays the
host keys when invoked with the new name. In this case, it will also
add the host name right before the key as required by the knownhosts
file format.

The new man page was added and sss_ssh_knownhostsproxy's man page
displays a message stating that it is deprecated and suggests using
the new tool.

Resolves: SSSD#5518

:relnote: sss_ssh_knownhostsproxy is deprecated. Consider using
sss_ssh_knownhosts instead.

:feature: The new tool sss_ssh_knownhosts can be used with ssh's
KnownHostsCommand configuration option to retrieve the host's keys
from a remote server (FreeIPA, LDAP, etc.). This new tool replaces
sss_ssh_knownhostsproxy.
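
The commit message above says the tool puts the host name right before the key, as the knownhosts file format requires. The sketch below is an added example, not code from sssd or OpenSSH: it builds such a line from a `keytype base64 [comment]` public key and rejects keys whose declared type does not match the type embedded in the key blob. The function names and sample key are hypothetical, and the `[host]:port` form for non-default ports goes beyond what the thread covers.

```python
import base64
import binascii
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def embedded_key_type(blob: bytes) -> str:
    """Return the key type stored as the first SSH string in a key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad key type length in blob")
    return blob[4:4 + n].decode("ascii")


def known_hosts_line(host: str, pubkey: str, port: int = 22) -> str:
    """Turn 'keytype base64 [comment]' into 'host keytype base64'."""
    fields = pubkey.split()
    if len(fields) < 2:
        raise ValueError("expected 'keytype base64 [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key is not valid base64") from exc
    if embedded_key_type(blob) != key_type:
        raise ValueError("declared key type does not match key blob")
    # Reject characters that known_hosts treats as list separators,
    # wildcards, negation, hashed-entry, marker or comment syntax.
    if not host or any(c.isspace() or c in ",*?!|#@" for c in host):
        raise ValueError("host name contains known_hosts metacharacters")
    # The comment field is dropped; non-default ports use the [host]:port form.
    marker = host if port == 22 else f"[{host}]:{port}"
    return f"{marker} {key_type} {b64}"


# Constructed sample: an all-zero Ed25519 key, not a real host key.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " root@example"

if __name__ == "__main__":
    print(known_hosts_line("server.example.test", SAMPLE_KEY))
    print(known_hosts_line("server.example.test", SAMPLE_KEY, port=2222))
```
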

aplopez added a commit to aplopez/sssd that referenced this issue Jan 23, 2024
This feature is configurable with the --with(out)-ssh-known-hosts-command
option. It is enabled by default.

Resolves: SSSD#5518

aplopez added a commit to aplopez/sssd that referenced this issue Feb 16, 2024
This option is supported by delivering the tool sss_ssh_knownhosts.
This new tool displays the host public keys on STDOUT in the
knownhosts file format.

The corresponding man page was added and sss_ssh_knownhostsproxy's
man page displays a message stating that it is deprecated and
suggests using the new tool.

Resolves: SSSD#5518

:relnote: sss_ssh_knownhostsproxy is deprecated. Consider using
the more reliable sss_ssh_knownhosts instead.

:feature: The new tool sss_ssh_knownhosts can be used with ssh's
KnownHostsCommand configuration option to retrieve the host's
public keys from a remote server (FreeIPA, LDAP, etc.). This new
tool, which is more reliable, replaces sss_ssh_knownhostsproxy.

@pbrezina
Member

Pushed PR: #7144

  • master
    • 9eea993 - tests: add tests for sss_ssh_knownhosts
    • 953c6be - SSH: Support ssh's KnownHostsCommand

pbrezina added the "Closed: Fixed" label (issue was closed as fixed) Feb 26, 2024