Skip to content

Fix TOFU ssh key prompt in OpenOnDemand web shell for IPA hosts #864

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sjpb merged 6 commits into from
Dec 19, 2025
Merged

Fix TOFU ssh key prompt in OpenOnDemand web shell for IPA hosts #864

sjpb merged 6 commits into from
Dec 19, 2025
+3 −1

Conversation

@sjpb
Copy link
Collaborator

@sjpb sjpb commented Dec 9, 2025
edited
Loading

The appliance defaults the host to use for the Open Ondemand web shell to localhost, because it defaults the openondemand group to the login group. However for FreeIPA-enroled hosts, ssh key checks are done against an IPA-controlled known hosts file (which does not include localhost) so the keyscan task is not effective.

However as the IPA-controlled known hosts file does include all IPA hosts, by changing the web shell host to an actual hostname, the user does not have to accept the key on first use.

@sjpb sjpb changed the title Fix TOFO ssh key prompt in OOD web shell for IPA hosts Fix TOFU ssh key prompt in OOD web shell for IPA hosts Dec 11, 2025
@sjpb sjpb changed the title Fix TOFU ssh key prompt in OOD web shell for IPA hosts Fix TOFU ssh key prompt in OpenOnDemand web shell for IPA hosts Dec 16, 2025
@sjpb sjpb marked this pull request as ready for review December 18, 2025 13:29
@sjpb sjpb requested a review from a team as a code owner December 18, 2025 13:29
@elelaysh
Copy link
Contributor

elelaysh commented Dec 18, 2025

could we set it to always be inventory_hostname?

@sjpb sjpb requested a review from wtripp180901 December 18, 2025 17:47
@sjpb
Copy link
Collaborator Author

sjpb commented Dec 18, 2025

could we set it to always be inventory_hostname?

Hmm, that's a good question. There was a reason we changed it to localhost but I cannot remember what. I will do some git blaming ...

@elelaysh
Copy link
Contributor

elelaysh commented Dec 18, 2025

could we set it to always be inventory_hostname?

Hmm, that's a good question. There was a reason we changed it to localhost but I cannot remember what. I will do some git blaming ...

Back in 2023 (35ba408) it was made configurable, from the ffirst login host

elelaysh
elelaysh reviewed Dec 19, 2025
View reviewed changes
@sjpb
Copy link
Collaborator Author

sjpb commented Dec 19, 2025

could we set it to always be inventory_hostname?
Back in 2023 (35ba408) it was made configurable, from the ffirst login host

I think it was probably just that when we made it configurable, localhost was guaranteed to be resolvable (but we could have just moved the api_address bit into the variable, so I'm not sure why we swapped). But inventory_hostname has to be / is anyway (logic here) so yes, I think we should probably just do that always.

@sjpb sjpb enabled auto-merge (squash) December 19, 2025 11:19
@sjpb sjpb requested a review from elelaysh December 19, 2025 11:19
elelaysh
elelaysh reviewed Dec 19, 2025
View reviewed changes
elelaysh
elelaysh approved these changes Dec 19, 2025
View reviewed changes
Copy link
Contributor

@elelaysh elelaysh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to go

@sjpb sjpb merged commit c4a5dbc into main Dec 19, 2025
1 check passed
@sjpb sjpb deleted the fix/ood-shell-ssh branch December 19, 2025 13:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@elelaysh elelaysh elelaysh approved these changes

@wtripp180901 wtripp180901 Awaiting requested review from wtripp180901

Assignees

No one assigned

Labels

no-imagebuild

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sjpb @elelaysh