I have successfully deployed a FreeIPA server and have set up multiple clients that seem to work just fine.

However, I tried for the first time to ssh to a location *outside* of the FreeIPA domain (in particular, ssh to github.com). It seems that `known_hosts` is controlled by the IPA, as `sss_ssh_knownhostsproxy` is used.

How do I get SSH to work when going from a FreeIPA client to an external host?

I even tried to add an ssh config line specifically for the external server with 'ProxyCommand' set to 'none' and with a local UserKnownHostsFile. That just ends up stuck at 'Connecting to [xxxx] port 22'.

More info: I have confirmed that I can access the external server (wget github.com works) and that I can SSH to other machines within the FreeIPA domain just fine.