Upgrade PVE 8 to 9, Migration of VM no more possible due to key error

[Jackobli]

Hello
Migrated our LAB Cluster from 8 to 9 along the documentation.
Migration seemed ok, but after the last upgrade I was unable to move (migrate) vms from one to the other node.
I thought I answered the question for changing sshd_config with "enter" (keep).
Tried to renew the keys but still not working message in the log says

2025-08-11 15:47:10 ******************************************************************************
2025-08-11 15:47:10 Your system is configured to use the obsolete tool sss_ssh_knownhostsproxy.
2025-08-11 15:47:10 Please read the sss_ssh_knownhosts(1) man page to learn about its replacement.
2025-08-11 15:47:10 ******************************************************************************
2025-08-11 15:47:10 Connection closed by UNKNOWN port 65535
2025-08-11 15:47:10 ERROR: migration aborted (duration 00:00:00): Can't connect to destination address using public key

I renamed the /etc/sshd.d/04.ipa.conf file to bak and restarted sshd and ssh on both nodes.
In prod we don't have that files either.

We are using sssd for interactive login with freeipa from our workplaces.

Any idea?

 

[BobhWasatch]

That file was added by the IPA tools when you joined your PVE to the IPA domain. I've got the same error on a couple of Debian machines that were upgraded to Trixie. What I did is remove the knownhostsproxy lines while keeping the rest. That's been working for months now.

 

[Jackobli]

That file was added by the IPA tools when you joined your PVE to the IPA domain. I've got the same error on a couple of Debian machines that were upgraded to Trixie. What I did is remove the knownhostsproxy lines while keeping the rest. That's been working for months now.

Gnaaah, I was always looking into sshd_config.d while searching and the configuration was also in ssh_config.d
I removed the files and now the migration works.
Thank you for pointing again at it.