Access denied remote execution

I am recieving the below error when trying to perform a command on a remote server. this is a fresh install of foreman

Error initializing command: RuntimeError - Unable to create directory on remote system /var/tmp/foreman-ssh-cmd-xxxxx: exit code: 255
root@{redacted}: Permission denied (publickey,password).

this is running the latest build of katello running on centos streams.
I have confirmed the /var/tmp directory is accessible and performed a verbose scp from the foreman server to the remote server using the svc account that i have created on the client side. the scp test was successful

I have these plugins
foreman-tasks foreman_ansible foreman_discovery Foreman_host_reports foreman_monitoring foreman_puppet foreman_remote_execution Foreman_snapshot_management foreman_templates katello

Has anyone come across this issue before?

You are writing that you have a “svc account” on client side, but the log says you do a ssh to user root…

yes that is also perplexing to me as the task is set up with the effective user as the svc account

So there is your problem. Read the tooltip on the “Effective user” when setting up the job invocation:

A user to be used for executing the script. If it differs from the SSH user, su or sudo is used to switch the accounts.

Unless you change the ssh user in Administer - Settings - Remote Execution the default SSH user is root, i.e. it uses root to connect to the remote host and then does sudo or su do change to the effective user.

Ok i just updated that setting however its now got the same fault different username

Error initializing command: RuntimeError - Unable to create directory on remote system /var/tmp/foreman-ssh-cmd-xxxx: exit code: 255
svc_foreman@{redacted}: Permission denied (publickey,password).
Exit status: EXCEPTION

It still looks as if the remote host doesn’t accept the ssh key for svc_foreman. Check the log on the remote host for details.

You should be able to check this on the main server (or from the smart proxy in case the connection comes from a proxy and not the main server):

[root@foreman ~]# sudo -u foreman-proxy ssh -i /usr/share/foreman-proxy/.ssh/ -v

That should work. If not and you are using IPA or otherwise the sss_ssh_knownhosts_proxy or other ProxyCommand settings, the topic All remote execution jobs fail immediately with exception may help.

1 Like

Thanks that put me onto where the issue was. It was another field in the settings that needed correcting.

Can you elaborate? For those who have the same problem?

There was a field that had set effective user Method. the options where sudo, su, and dzdu
I set this to sudo, i also found there was two fields for passwords. effective user and ssh user.
I had set one but not the other.

upon setting these options and removing the sudo from my command i was executing it was able to complete successfully