Feature #21850
openSupport ForwardAgent in SSH Proxy
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1362644
Description of problem:
The ruby library we use reads ~foreman-proxy/ssh/config, and supports a number of options1 including ForwardAgent, however unlike the SSH CLI, it does not start an agent if one's not started. So, we would need to actually start an agent.
Version-Release number of selected component (if applicable):
6.2 GA
How reproducible:
Always
Steps to Reproduce:
1. Configure ~foreman-proxy/.ssh/config as such:
Host *
ForwardAgent yes
StrictHostKeyChecking no # just for testing
2. Create a job in Satellite that SSH's to another host that is configured to allow foreman-proxy keys, e.g the satellite itself
ssh localhost hostname -f
Actual results:
Job fails, agent is not used. If you look at SSH logs (see ), you'll see this:
I, [2016-08-02T13:04:47.697219 #1422] INFO -- net.ssh.service.forward[253c094]: opening auth-agent channel
D, [2016-08-02T13:04:47.697262 #1422] DEBUG -- net.ssh.authentication.agent[14d9af8]: connecting to ssh-agent
E, [2016-08-02T13:04:47.697305 #1422] ERROR -- net.ssh.authentication.agent[14d9af8]: could not connect to ssh-agent
E, [2016-08-02T13:04:47.697340 #1422] ERROR -- net.ssh.service.forward[253c094]: attempted to connect to agent but failed: Net::SSH::Authentication::AgentNotAvailable (no implicit conversion of nil into String)
E, [2016-08-02T13:04:47.697378 #1422] ERROR -- net.ssh.connection.session[255524c]: [2, "could not connect to authentication agent"]
Expected results:
Job succeeds
Additional info:
You can make it work by editing connector.rb and starting an agent before we do Net::SSH.start.
Of course this should be refactored, and a single agent should be used for the life of the dynflow process, but this works:
vars = `ssh-agent`
vars = vars.split(';').reject { |r| !r.strip.include?('=') }
vars.each do |var|
name, value = var.split('=')
ENV[name.strip] = value.strip
end
`ssh-add ~/.ssh/id_rsa_foreman_proxy` # add our identity to the agent