SSH: sss_ssh_knownhost must succeed if the responder is stopped #7785

Closed
wants to merge 1 commit into from

@aplopez aplopez commented Jan 6, 2025

sss_ssh_knownhosts requires that SSSD's 'ssh' service is launched to work properly. But if it is not launched or it is anyhow stopped, the tool MUST NOT fail and let the ssh client continue its job.

@alexey-tikhonov
Member

Any ticket reference?

@aplopez
Contributor Author

aplopez commented Jan 6, 2025

None in particular. This is a reaction to the problem @danlavu faced on December 20th. I had seen this problem once or twice before.

@alexey-tikhonov
Member

But, IIRC, previously the stance was "if one configures 'sss_ssh_knownhost' then it's also their responsibility to enable 'sssd_ssh' as well."

@aplopez
Contributor Author

aplopez commented Jan 6, 2025

Correct, but sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy do behave like this, so I discussed with @sumit-bose and we agreed it is better to have a homogeneous behavior. And, considering that we already saw this problem two or three times, it seems better to avoid it.
But if you think this isn't good, we can discuss it.

@aplopez aplopez marked this pull request as ready for review January 6, 2025 15:42

sss_ssh_knownhosts requires that SSSD's 'ssh' service is launched to
work properly. But if it is not launched or it is anyhow stopped, the
tool MUST NOT fail and let the ssh client continue its job.

:fixes: If the ssh responder is not running, `sss_ssh_knownhosts` will
        not fail (but it will not return the keys).

@aplopez aplopez changed the title from "SSH: sss_ssh_knownhost must succeed if the backend is stopped" to "SSH: sss_ssh_knownhost must succeed if the responder is stopped" Jan 7, 2025

@alexey-tikhonov
Member

ACK

Contributor

@sumit-bose sumit-bose left a comment

Hi,

thank you for the fix and for enhancing the man page, works for me, ACK.

bye,
Sumit

@alexey-tikhonov
Member

Pushed PR: #7785

  • master
    • c2d95a3 - SSH: sss_ssh_knownhost must succeed if the responder is stopped
  • sssd-2-10
    • 4880e00 - SSH: sss_ssh_knownhost must succeed if the responder is stopped
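
The behaviour this PR settles on, sketched as an added example (not SSSD's code and not part of the thread): a responder that is not running yields exit status 0 and no keys, so the ssh client continues, while any other error still fails. The socket path, the function names, and the choice of `ENOENT`/`ECONNREFUSED` as the "not running" signals are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Outcome of one known-hosts lookup attempt. */
enum lookup_status {
    LOOKUP_OK = 0,           /* responder reachable (keys may follow) */
    LOOKUP_NO_RESPONDER = 1, /* socket missing or nothing listening */
    LOOKUP_ERROR = 2         /* anything else: a real failure */
};

/* Try to reach the responder on a UNIX socket. socket_path is a
 * hypothetical parameter; a real client library hides this step. */
enum lookup_status probe_responder(const char *socket_path)
{
    struct sockaddr_un addr;
    int fd, saved;
    if (strlen(socket_path) >= sizeof(addr.sun_path)) return LOOKUP_ERROR;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, socket_path); /* length checked above */
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return LOOKUP_ERROR;
    if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0) {
        close(fd);
        return LOOKUP_OK;
    }
    saved = errno; /* keep connect()'s errno across close() */
    close(fd);
    return (saved == ENOENT || saved == ECONNREFUSED) ? LOOKUP_NO_RESPONDER : LOOKUP_ERROR;
}

/* Map the outcome to the exit status ssh sees: only real errors fail. */
int exit_status_for(enum lookup_status st)
{
    return st == LOOKUP_ERROR ? 1 : 0;
}

int main(int argc, char **argv)
{
    /* Constructed default path that does not exist on any system. */
    const char *path = argc > 1 ? argv[1] : "/nonexistent/ssh-responder.sock";
    enum lookup_status st = probe_responder(path);
    if (st == LOOKUP_NO_RESPONDER) fprintf(stderr, "responder not running, no keys returned\n");
    return exit_status_for(st);
}
```

When the responder is absent nothing is written to stdout, so no host key is added on its behalf; the ssh client is left with whatever other known-hosts sources it has.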

3 participants