Plugins » Foreman Remote Execution

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1747748

Description of problem:
If an user generates a ssh key with ed25519 algorithm and uses this key to perform a remote execution via the Satellite, the Dynflow flow task will fail silently and hang indefinitely.

Version-Release number of selected component (if applicable):
6.5

How reproducible:
When using a key type not supported by the ruby net/ssh.

Steps to Reproduce:
1. Generate a ed25519 ssh key

su - -s /bin/bash foreman-proxy
ssh-keygen -t ed25519 -C "test_key"
cd .ssh
mv id_ed25519.pub id_rsa_foreman_proxy.pub
mv id_ed25519 id_rsa_foreman_proxy

2. Copy the public key to the target machine.

3. Trigger a remote execution job via Satellite web UI.

Actual results:
Task hang indefinitely or until the job timeout

Expected results:
Catch the error and the task should fail with proper error message.

Additional info:

The reason that the job hang is the 'NoImplementError' is not inheriting the 'StandardError' so no exception is caught.

irb(main):014:0* begin
irb(main):015:1* raise NotImplementedError, "Testing"
irb(main):016:1> rescue Exception
irb(main):017:1> p "Caught you!"
irb(main):018:1> end
"Caught you!"
=> "Caught you!"

irb(main):019:0> begin
irb(main):020:1* raise NotImplementedError, "Testing"
irb(main):021:1> rescue
irb(main):022:1> p "Caught you!"
irb(main):023:1> end
NotImplementedError: Testing
from (irb):20
from /usr/bin/irb:12:in `<main>'

I attached a script to test run the ssh command directly which helped to reproduce the error.

su - s /bin/bash foreman-proxy
scl enable tfm "ruby /tmp/ssh_cmd.rb my-target.example.com root 'sudo sh -c uptime'"
<snip>
D, [2019-09-01T17:30:15.600578 #25120] DEBUG - net.ssh.authentication.session[a6c020]: trying publickey
Traceback (most recent call last):
14: from /tmp/ssh_cmd.rb:28:in `<main>'
13: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh.rb:237:in `start'
12: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/session.rb:66:in `authenticate'
11: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/session.rb:66:in `each'
10: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/session.rb:80:in `block in authenticate'
9: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/methods/publickey.rb:19:in `authenticate'
8: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/key_manager.rb:101:in `each_identity'
7: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/key_manager.rb:217:in `load_identities'
6: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/key_manager.rb:217:in `map'
5: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/key_manager.rb:221:in `block in load_identities'
4: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/key_factory.rb:84:in `load_public_key'
3: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/key_factory.rb:103:in `load_data_public_key'
2: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/buffer.rb:242:in `read_key'
1: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/buffer.rb:275:in `read_keyblob'
/opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/ed25519_loader.rb:19:in `raiseUnlessLoaded': unsupported key type `ssh-ed25519' (NotImplementedError)
net-ssh requires the following gems for ed25519 support: * rbnacl (>= 3.2, < 5.0) * rbnacl-libsodium, if your system doesn't have libsodium installed. * bcrypt_pbkdf (>= 1.0, < 2.0)
See https://github.com/net-ssh/net-ssh/issues/478 for more information
Gem::MissingSpecError : "Could not find 'rbnacl' (< 5.0, >= 3.2.0) among 202 total gem(s)