Knowledge Base

Preserving for the future: Shell scripts, AoC, and more

sssd disable known_hosts hashing

If you use Fedora GNU/Linux and you want bash autocompletion for the hosts in your FreeIPA domain when using the OpenSSH client, you have to disable known_hosts hashing in the global known_hosts file, because the completion script cannot read host names from hashed entries. To find the global known_hosts file, check /etc/ssh/ssh_config:

# grep -i knownhosts /etc/ssh/ssh_config
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts

The file displayed here is the default on Fedora: /var/lib/sss/pubconf/known_hosts. Now, to disable the hashing inside that file, you have to configure sssd.

# cat /etc/sssd/conf.d/50_ssh_hash_known_hosts.conf 
[ssh]
ssh_hash_known_hosts = false

I don't know at what version the dot-dee directory for sssd.conf was introduced specifically (other than when it is compiled with libini>=1.3.0), but mine had it as of Fedora 27 and sssd-1.16.0. With this entry in the config, restart sssd and maybe delete the previous /var/lib/sss/pubconf/known_hosts file, which will be regenerated when it is needed.
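To confirm the setting took effect after the restart, the regenerated file can be checked for hashed entries, which start with the `|1|` marker. The script below is an added example, not part of the original post; the function names and sample entries are constructed, and it assumes the file uses the standard OpenSSH known_hosts line format.

```shell
#!/bin/sh
# Added example: tell hashed known_hosts entries from plain-text ones.
# kh_summary and kh_plain_hosts are hypothetical helper names.

# Print "hashed=N plain=M" for known_hosts data read from stdin.
kh_summary() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            f = ($1 ~ /^@/) ? $2 : $1         # skip @cert-authority/@revoked marker
            if (f ~ /^\|1\|/) hashed++; else plain++
        }
        END { printf "hashed=%d plain=%d\n", hashed, plain }
    '
}

# Print the host names a completion script could read, one per line.
kh_plain_hosts() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            f = ($1 ~ /^@/) ? $2 : $1
            if (f ~ /^\|1\|/) next            # hashed: the name is not recoverable
            n = split(f, names, ",")          # one entry may list several names
            for (i = 1; i <= n; i++) {
                h = names[i]
                # [host]:port form used for non-default ports
                if (h ~ /^\[/) { sub(/^\[/, "", h); sub(/\]:[0-9]+$/, "", h) }
                if (h !~ /[*?!]/) print h     # wildcard patterns are not host names
            }
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample entries (salts, hashes and keys are placeholders).
SAMPLE_HASHED='|1|c2FsdHNhbHQ=|aGFzaGhhc2g= ssh-ed25519 AAAAC3placeholder
|1|c2FsdDI=|aGFzaDI= ssh-rsa AAAAB3placeholder'
SAMPLE_PLAIN='# constructed example
web01.ipa.example.test,192.0.2.10 ssh-ed25519 AAAAC3placeholder
[db01.ipa.example.test]:2222 ssh-rsa AAAAB3placeholder'

printf '%s\n' "$SAMPLE_HASHED" | kh_summary
printf '%s\n' "$SAMPLE_PLAIN" | kh_plain_hosts

# On a real system (path from the page above):
#   kh_summary < /var/lib/sss/pubconf/known_hosts
```

A result of `hashed=0` on the real file means completion can see every host name in it.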

Reference

Weblinks

https://jhrozek.fedorapeople.org/sssd/1.14.1/man/sssd.conf.5.html
