So basically, there are two solutions to this problem:
- set
ProxyCommand=nonein/usr/share/foreman-proxy/.ssh/configfor foreman-proxy - Put the ProxyCommand into a Match block in
/etc/ssh/ssh_config
Match exec true
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
That means: if it can run /bin/true with an exit code 0 it uses the ProxyCommand. Otherwise not. So that’s a system-wide solution for all users which don’t have a shell set.