Net/ssh gem use

Aditya_Gupta1 · February 9, 2016, 4:23am

Hello ,

I am trying to establish ssh connection to target machine using key based
authentication, but some how it failed in authentication:

I placed this code in one of the action of the controller,

Net::SSH.start('r8sysappnode05.localdomain','txpadmin',:keys =>
"/usr/share/foreman-proxy/.ssh/id_rsa") do |ssh|
@output=ssh.exec!("hostname")
end

Whenever i use password based it worked.

Could you please reply how can i achieve this??

Thanks,
Aditya

Ondrej_Prazak · February 9, 2016, 1:51pm

It does not look like there is a problem in your code snippet. The last
time I faced problems when trying to shh into a machine like you, it turned
out there was wrong SELinux context on the target machine.
This fixed the problem for me (on CentOS host):

restorecon -R -v /root/.ssh

I would also check permissions on your
'/usr/share/foreman-proxy/ssh/id_rsa'.

···

On Tuesday, February 9, 2016 at 5:23:53 AM UTC+1, Aditya Gupta wrote: > > Hello , > > I am trying to establish ssh connection to target machine using key based > authentication, but some how it failed in authentication: > > I placed this code in one of the action of the controller, > > Net::SSH.start('r8sysappnode05.localdomain','txpadmin',:keys => > "/usr/share/foreman-proxy/.ssh/id_rsa") do |ssh| > @output=ssh.exec!("hostname") > end > > > Whenever i use password based it worked. > > Could you please reply how can i achieve this?? > > Thanks, > Aditya >

Aditya_Gupta1 · February 10, 2016, 3:17am

>
> It does not look like there is a problem in your code snippet. The last
> time I faced problems when trying to shh into a machine like you, it turned
> out there was wrong SELinux context on the target machine.
> This fixed the problem for me (on CentOS host):
>
> restorecon -R -v /root/.ssh
>
> I would also check permissions on your
> '/usr/share/foreman-proxy/ssh/id_rsa'.
>
>
>>
>> Hello ,
>>
>> I am trying to establish ssh connection to target machine using key based
>> authentication, but some how it failed in authentication:
>>
>> I placed this code in one of the action of the controller,
>>
>> Net::SSH.start('r8sysappnode05.localdomain','txpadmin',:keys =>
>> "/usr/share/foreman-proxy/.ssh/id_rsa") do |ssh|
>> @output=ssh.exec!("hostname")
>> end
>>
>>
>> Whenever i use password based it worked.
>>
>> Could you please reply how can i achieve this??
>>
>> Thanks,
>> Aditya
>>
>

···

On Tuesday, February 9, 2016 at 7:21:12 PM UTC+5:30, oprazak wrote: > On Tuesday, February 9, 2016 at 5:23:53 AM UTC+1, Aditya Gupta wrote: -------------------------------------------

Hi oprazak,

exactly There is some permission issue
/usr/share/foreman-proxy/.ssh/id_rsa", but i am wondering same thing
foreman puppetrun button is doing using net/ssh then how they have
permission but i am using the same via foreman but in different section for
me it is not working.

Do you have any idea where can i find the puppet run code and check how
they have permission to access same file but i am not .,

Thanks,
Aditya

Dominic_Cleal2 · February 10, 2016, 12:52pm

The code that triggers the Puppet run over SSH is in the smart proxy,
not in Foreman. As such, it would run under a different user account -
the main Foreman account shouldn't have access to private data in
/usr/share/foreman-proxy as they're separate services.

The proxy actually uses the (Open)SSH binary, not net-ssh too:

https://github.com/theforeman/smart-proxy/blob/develop/modules/puppet_proxy/puppet_ssh.rb

···

On 10/02/16 03:17, Aditya Gupta wrote: > > > On Tuesday, February 9, 2016 at 7:21:12 PM UTC+5:30, oprazak wrote: > > It does not look like there is a problem in your code snippet. The > last time I faced problems when trying to shh into a machine like > you, it turned out there was wrong SELinux context on the target > machine. > This fixed the problem for me (on CentOS host): > > restorecon -R -v /root/.ssh > > I would also check permissions on your > '/usr/share/foreman-proxy/ssh/id_rsa'. > > > On Tuesday, February 9, 2016 at 5:23:53 AM UTC+1, Aditya Gupta wrote: > > Hello , > > I am trying to establish ssh connection to target machine using > key based authentication, but some how it failed in authentication: > > I placed this code in one of the action of the controller, > > Net::SSH.start('r8sysappnode05.localdomain','txpadmin',:keys => > "/usr/share/foreman-proxy/.ssh/id_rsa") do |ssh| > @output=ssh.exec!("hostname") > end > > > Whenever i use password based it worked. > > Could you please reply how can i achieve this?? > > Thanks, > Aditya > > > > ------------------------------------------- > > > Hi oprazak, > > exactly There is some permission issue > /usr/share/foreman-proxy/.ssh/id_rsa", but i am wondering same thing > foreman puppetrun button is doing using net/ssh then how they have > permission but i am using the same via foreman but in different section > for me it is not working. > > Do you have any idea where can i find the puppet run code and check how > they have permission to access same file but i am not .,

–
Dominic Cleal
dominic@cleal.org