Problem:
Same ssh-rsa key put three times into authorized_keys.
From provisioniong template:
cat << EOF >> ~root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCusDtwkjMR21e/+XiuNJt14TgYGMj7wmGCq5kE1JeSkLHNLehyt6CLNcADBBoGHJaYSQRlllmaxG0xzK+bCWCFFo1zunuHeGqrnKeML0MfPO3bwArErwM1VRAr8KxYUDp4yY5pwMW1tpg90fCMrRcv/i6atjwHtpYeptkutzmXKQMFUeCC87mV6uO5mQ8Xw9PXoFT301sKYtl7EOGl2+6QeHHbAAkilUfLYOZ8GpETdbyKg2b0wy0848uvIRISDCA3Ee60m6qXJjuD70H/FpUVqwN5G9yKxuZId57jxjFts/5FKUEAFm3Gfl6dEBkKSpjYzxKBALKj249WY7rCZ/CH foreman-proxy@katello.kt21c.net
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCusDtwkjMR21e/+XiuNJt14TgYGMj7wmGCq5kE1JeSkLHNLehyt6CLNcADBBoGHJaYSQRlllmaxG0xzK+bCWCFFo1zunuHeGqrnKeML0MfPO3bwArErwM1VRAr8KxYUDp4yY5pwMW1tpg90fCMrRcv/i6atjwHtpYeptkutzmXKQMFUeCC87mV6uO5mQ8Xw9PXoFT301sKYtl7EOGl2+6QeHHbAAkilUfLYOZ8GpETdbyKg2b0wy0848uvIRISDCA3Ee60m6qXJjuD70H/FpUVqwN5G9yKxuZId57jxjFts/5FKUEAFm3Gfl6dEBkKSpjYzxKBALKj249WY7rCZ/CH foreman-proxy@katello.kt21c.net
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCusDtwkjMR21e/+XiuNJt14TgYGMj7wmGCq5kE1JeSkLHNLehyt6CLNcADBBoGHJaYSQRlllmaxG0xzK+bCWCFFo1zunuHeGqrnKeML0MfPO3bwArErwM1VRAr8KxYUDp4yY5pwMW1tpg90fCMrRcv/i6atjwHtpYeptkutzmXKQMFUeCC87mV6uO5mQ8Xw9PXoFT301sKYtl7EOGl2+6QeHHbAAkilUfLYOZ8GpETdbyKg2b0wy0848uvIRISDCA3Ee60m6qXJjuD70H/FpUVqwN5G9yKxuZId57jxjFts/5FKUEAFm3Gfl6dEBkKSpjYzxKBALKj249WY7rCZ/CH foreman-proxy@katello.kt21c.net
EOF
Expected outcome:
Same key should be put only once.
Foreman and Proxy versions:
Foreman and foreman-proxy 2.0.0
Foreman and Proxy plugin versions:
don’t know what is meant with this :-/
Distribution and version:
[root@katello foreman]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
[root@katello foreman]#
Other relevant data:
I think had set up something related to ssh keys already before, and only installed the remote_execution features afterwards (yesterday, I think):
[root@katello foreman]# history | grep remote
517 foreman-installer --enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh
743 history | grep remote
[root@katello foreman]#
That key exists (as far as I could find) only exactly once in the filesystem:
[root@katello ssh]# pwd
/var/lib/foreman-proxy/ssh
[root@katello ssh]# ll
total 8
-rw-------. 1 foreman-proxy foreman-proxy 1679 Jun 3 23:52 id_rsa_foreman_proxy
-rw-r–r--. 1 foreman-proxy foreman-proxy 413 Jun 3 23:52 id_rsa_foreman_proxy.pub
[root@katello ssh]# cat id_rsa_foreman_proxy.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCusDtwkjMR21e/+XiuNJt14TgYGMj7wmGCq5kE1JeSkLHNLehyt6CLNcADBBoGHJaYSQRlllmaxG0xzK+bCWCFFo1zunuHeGqrnKeML0MfPO3bwArErwM1VRAr8KxYUDp4yY5pwMW1tpg90fCMrRcv/i6atjwHtpYeptkutzmXKQMFUeCC87mV6uO5mQ8Xw9PXoFT301sKYtl7EOGl2+6QeHHbAAkilUfLYOZ8GpETdbyKg2b0wy0848uvIRISDCA3Ee60m6qXJjuD70H/FpUVqwN5G9yKxuZId57jxjFts/5FKUEAFm3Gfl6dEBkKSpjYzxKBALKj249WY7rCZ/CH foreman-proxy@katello.kt21c.net
[root@katello ssh]#
I darkly remember I might have put that public key string as an array into some parameter field somewhere (host, hostgroup, …) but I don’t find it anywhere. Clicked through all pages.
Administer => Settings all tabs,
Configure => Host Group => all tabs
Configure => Global Parameters => all tabs
Perhaps I did that only for one specific host for testing, but why would it then apply it to all new hosts?
I checked this question: How to update remoteExecution SSH key properly? and where?
Didn’t find any ssh key under Infrastructure => Smart proxy either. Checked this file:
[root@katello ~]# grep key_file /etc/foreman-proxy/settings.d/remote_execution_ssh.yml
:ssh_identity_key_file: /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy
[root@katello ~]#
which points to the place above.