Problem:
Remote Execution appears to run as “foreman-proxy” while “errata install” runs as root. Both want to use the same foreman_proxy key, but the permissions require that the private key is only readable by the owner. Expected outcome:
Both “remote execution” and “errata install” should be run using the same user when referencing the same SSH key. Foreman and Proxy versions:
Foreman 3.15 / Puppet 8.10 Foreman and Proxy plugin versions:
Distribution and version:
Rocky 9.6 Other relevant data:
proxy.log:
2025-10-24T15:43:27 [E] Error initializing command - RuntimeError Could not establish connection to remote host using any available authentication method, tried publickey
Authentication method 'publickey' failed with:
root@foreman-proxy: Permission denied (publickey).
Each smart proxy has its own ssh keypair, all ssh jobs going through that proxy use that key, regardless what the user on the remote host is.
Yes, on the smart proxy, the keypair is owned by foreman-proxy user and that is the only user that reads that key.
If you trigger two different jobs against a single host and the proxy should connect to that host using the same remote user in both cases. The user being use is configurable at multiple levels.
Could you elaborate more on what you’re trying to achieve and what documentation you followed?
I suspect actually this was simply me making some odd mistake, as when I came to confirm which proxy was having the issue after the weekend, they all appear to be working!
