Project

General

Profile

Actions

Bug #36456

closed

Not possible to use ProxyJump or ProxyCommand for remote execution.

Added by Gerald Vogt over 1 year ago. Updated 16 days ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-

Description

PR https://github.com/theforeman/smart_proxy_remote_execution_ssh/pull/89 added a commmand line option "-o ProxyCommand=none" to the ssh execution. As pointed out there and discussed in https://community.theforeman.org/t/remote-execution-not-using-jump-host-bastion-host-configuration/32127/6 this effectively prevents the use of proxy hosts with ssh, as ProxyCommand on the command line takes precedence before ProxyJump/ProxyCommand in .ssh/config.

Thus, in any scenario which requires ProxyJump to access clients this won't be possible, unless a smart proxy is installed directly on the jump host.

I think instead of using command line options the configuration would better be placed into ~foreman-proxy/.ssh/config allow people to overwrite it if necessary.

Actions #1

Updated by Gerald Vogt over 1 year ago

  • Found in Releases smart_proxy_remote_execution_ssh-0.9.0 added
  • Found in Releases deleted (foreman_remote_execution-8.2.0)
Actions #2

Updated by Gerald Vogt over 1 year ago

Of course, I think somewhere deep down there the main reason for the issue with ProxyCommand is the /bin/false as default shell for foreman-proxy. It makes ProxyCommand always which is a problem if, for instance, ipa adds a ProxyCommand into ssh_config.

https://community.theforeman.org/t/all-remote-execution-jobs-fail-immediately-with-exception/27156/5

So maybe it would be better to change the default shell for foreman-proxy??

I have also wanted to add the original issue: https://projects.theforeman.org/issues/35245

Actions #3

Updated by Adam Ruzicka over 1 year ago

So maybe it would be better to change the default shell for foreman-proxy??

This was discussed here1. From what I recall from it, the concensus was "let's not change the shell for foreman-proxy user globally, but let's take a look if we could do that in remote execution", which we then never did.

https://github.com/theforeman/puppet-foreman_proxy/pull/742

Actions #4

Updated by The Foreman Bot about 1 month ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/smart_proxy_remote_execution_ssh/pull/117 added
Actions #5

Updated by The Foreman Bot 28 days ago

  • Fixed in Releases smart_proxy_remote_execution_ssh-0.11.1 added
Actions #6

Updated by Adam Lazik 28 days ago

  • Status changed from Ready For Testing to Closed
Actions #7

Updated by Adam Ruzicka 16 days ago

  • Fixed in Releases smart_proxy_remote_execution_ssh-0.11.3 added
  • Fixed in Releases deleted (smart_proxy_remote_execution_ssh-0.11.1)
Actions

Also available in: Atom PDF