Can't get Remote Execution to work

Support
1

Problem:
I am following the guide in the remote execution documentation and when I get to the part about copying ssh keys to the remote server I am running into confusion and a problem. I have root login blocked for security reasons but I am trying to copy the key to an non-root user however I cannot seem to understand how to get foreman to use the alternate user. I seem to be misunderstanding on how to configure this and cannot seem to find any guidance unless I remove the root restriction which I do not want to do.

Expected outcome:
Job should execute as alternate user and Sudo to root

Foreman and Proxy versions:
2.3.2

Distribution and version:
Ubuntu 18.04.5

Other relevant data:
I am also unclear how foreman executes commands. Does foreman-proxy ssh to remote host and sudo to required user to execute commands? or does the system ssh as non-root user and then sudo to root to execute commands? I am trying to simultate this on the console session but I cannot seem to get it to work there to verify if my execution is able to work or not.

Thanks for your help. Still trying to learn this beast.

2

Hi,
which guide are you following?

To make REX use another user you can set remote_execution_ssh_user setting in Administer > Settings > Remote Execution. Also note this can be set on a host/hostgroup level if you create a parameter with the same name if you need more fine grained control over it.

That depends on your configuration, it can be either of those. One thing stay always the same, foreman tells foreman-proxy to perform the job and foreman-proxy connects to the host over ssh. How exactly that happens is controlled by a couple of things. REX has a concept of ssh (or remote) user which is used when opening the connection and effective user, which is the user the job should run as on the remote machine. By default, both of these are set to root. When smart proxy connects to the remote machine, it connects as ssh user. Once connected, if effective user is different from ssh user, it uses your configured effective user method to become effective user, if they are the same, not privilege escalation is performed. Then the script is executed.