Foreman remote exec -ssh via proxy

Perhaps a unique ask but I am trying to use Foreman’s remote execution plugin to connect over to our server but do this via an SSH proxy.

I have an ssh config in place under the root user and it proxies via an admin box we have running first. Manual SSH tests work fine.

I have also set Foreman to use the root user for remote execution under the options. I’ve also added the key we use from our admin host into /usr/share/foreman-proxy/.ssh just in case it’s required there (even though we use root).

Tailing /var/log/secure on the end server does see attempts coming in from the remote job, but it’s showing Foreman’s IP as the source, not the proxy. It therefore fails due to some restrictions we have in the sshd config.

Any ideas where we can set up this proxy if /root/.ssh/config or /usr/share/foreman-proxy/.ssh isn’t being looked at by Foreman?

Thanks,

Hi,

If I understand your use case correctly, you might want to take a look at "Remote execution not using jump host/bastion host configuration".
IIRC, this does not work out of the box currently but needs a little tweaking in the smart-proxy code. The last post in that thread has a workaround/patch for an older Foreman version. Not sure, but it should probably still work somewhat alike.

Hope this helps :)

Without knowing the exact ssh configuration it’s hard to tell.

Foreman basically executes this command:

# sudo -u foreman-proxy ssh -i /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy root@test.example.com date

when using remote execution.