ProxyCommand /usr/bin/sss_ssh_knownhostsproxy is a must for SSSD ?

[pkazi]

We have linux servers joined to Active Directory (AD) Domain via SSSD.
We found in docs that we need to add below config in /etc/ssh/ssh_config -

ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts

Is this a must requirement for SSSD to run ?
We are facing issues caused by this when our ruby application is trying to SSH to remote host using 2nd interface, i.e. ethernet1 (via bind address) , where as default interface is ethernet0

Can we remove this config if not a must have?

Setup details

AD domain - ad.example.net
Local Server hostname - localserver.int.example.com
Remote HOST to which ssh failing  - server.example.com

When trying to ssh via ethernet1, it is not able to connect to remote host.
When sssd is removed, it is able to connect as expected.

[sumit-bose]

Hi,

which docs do you mean?

Currently you need sss_ssh_knownhostsproxy if you want to use a centrally managed know host file. But typically you do not have this in AD so I would expect that you do not need it. But it would be good to know which docs you are referring to to better understand what use-case it is covering.

bye,
Sumit

[pkazi]

Hi @sumit-bose

Thanks for quick response.
I was referring the blog/ Redhat articles for setting up SSSD witH AD as docs here.
These articles/blogs have mentioned to have this ProxyCommand to be there in ssh_config.
What I got from your above reply is, we dont need this when SSSD is connecting to AD.

Thanks