SSH questions

StephenW · May 27, 2020, 4:55pm

Hi All

Not sure if I am doing this right, still testing, have Foreman server running all seems OK.
added a Cent OS 7 client all good.
Tried to schedule a job to update all packages, I can only get work if SSH port is 22
and PermitRootLogin is set to yes, unfortunately, we run SSH on a different port and
PermitRootLogin is set to no, I have tried setting the effective user in advanced section
of the job, but I still get the error “Error initializing command: Net::SSH::AuthenticationFailed - Authentication failed for user - root”

Can anyone point me in the right direction, to change the SSH port and the default SSH user?

Thanks

StephenW · May 27, 2020, 5:09pm

Hi All

OK found the port settings have changed the port and default user, but still got the error
“You need to be root to perform this command.” we don’t allow remote access by root?

lzap · May 28, 2020, 12:38pm

Hey, there should be an Administer - Setting - Remote Execution option SSH Port and SSH User. Use that.

StephenW · May 28, 2020, 12:44pm

Hi

Thanks found the settings, getting a bit further down the line, do you know where I can set
the root password, have tried setting in the Advanced fields on Job invocation page, but
I am getting error “Password: su: Authentication failure”, I know password is correct as I
can SSH from server to client ans su on the client?

Can it be set in the hosts parameters?

aruzicka · May 28, 2020, 1:12pm

If you want to change effective user with a password, you have to use sudo as the effective user method. Su can be only used passwordless

StephenW · May 28, 2020, 1:40pm

Hi

Thanks, but something is not right,
I am running the job template Update all packages (yum update -y)
Have set the user and pass as effective user.
I can run the cmd with no problem when I SSH from the server to the client as the effective user.
but when I schedule the job in foreman I get this error?

“You need to be root to perform this command.”

StephenW · May 28, 2020, 2:58pm

Hi All

This is really annoying where else do I need to set the password?

Administer - Settings - Remote Execution
Default SSH password = {correct-password}
Effective User = foreman
Effective User Method = sudo
SSH Port = {our-ssh-port}
SSH User = foreman
Sudo password = {correct-password}

Hosts - All Hosts - foreman-client - Parameters
remote_execution_ssh_password = {correct-password}
remote_execution_ssh_port = {our-ssh-port}
remote_execution_ssh_user = foreman

Hosts - All Hosts - foreman-client - Schedule Remote Job
Job category = Miscellaneous
Job template = Update all packages (sudo yum update -y)
Advanced fields
Effective user = foreman
Password = {correct-password}
Sudo password = {correct-password}

Extract from /etc/sudoers on foreman-client
#Allow root to run any commands anywhere
root ALL=(ALL) ALL
foreman ALL=(ALL) ALL

Output from job:
1: [sudo] password for foreman:
2: sudo: timed out reading password
3: Exit status: 1

aruzicka · May 29, 2020, 7:20am

What are you really trying to acomplish? In what you just posted you are setting both the remote user and effective user to foreman. Why would you need to do anything with sudo then?

StephenW · May 29, 2020, 7:42am

Hi

I am running a Job that runs the cmd remotely “yum update -y” it will only run as root or as sudo,
it looks like the cmd is running but it is not getting the password.

error is sudo: timed out reading password