Bug #36456
closed
Not possible to use ProxyJump or ProxyCommand for remote execution.
Description
PR https://github.com/theforeman/smart_proxy_remote_execution_ssh/pull/89 added a commmand line option "-o ProxyCommand=none" to the ssh execution. As pointed out there and discussed in https://community.theforeman.org/t/remote-execution-not-using-jump-host-bastion-host-configuration/32127/6 this effectively prevents the use of proxy hosts with ssh, as ProxyCommand on the command line takes precedence before ProxyJump/ProxyCommand in .ssh/config.
Thus, in any scenario which requires ProxyJump to access clients this won't be possible, unless a smart proxy is installed directly on the jump host.
I think instead of using command line options the configuration would better be placed into ~foreman-proxy/.ssh/config allow people to overwrite it if necessary.
Updated by Gerald Vogt over 1 year ago
- Found in Releases smart_proxy_remote_execution_ssh-0.9.0 added
- Found in Releases deleted (
foreman_remote_execution-8.2.0)
Updated by Gerald Vogt over 1 year ago
Of course, I think somewhere deep down there the main reason for the issue with ProxyCommand is the /bin/false as default shell for foreman-proxy. It makes ProxyCommand always which is a problem if, for instance, ipa adds a ProxyCommand into ssh_config.
https://community.theforeman.org/t/all-remote-execution-jobs-fail-immediately-with-exception/27156/5
So maybe it would be better to change the default shell for foreman-proxy??
I have also wanted to add the original issue: https://projects.theforeman.org/issues/35245
Updated by Adam Ruzicka over 1 year ago
So maybe it would be better to change the default shell for foreman-proxy??
This was discussed here1. From what I recall from it, the concensus was "let's not change the shell for foreman-proxy user globally, but let's take a look if we could do that in remote execution", which we then never did.
Updated by The Foreman Bot 29 days ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/smart_proxy_remote_execution_ssh/pull/117 added
Updated by The Foreman Bot 15 days ago
- Fixed in Releases smart_proxy_remote_execution_ssh-0.11.1 added
Updated by Adam Lazik 15 days ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman_proxy_plugin|7b6b93f0fc9c50c1d1ea39db04a246c9747d8a96.
Updated by Adam Ruzicka 3 days ago
- Fixed in Releases smart_proxy_remote_execution_ssh-0.11.3 added
- Fixed in Releases deleted (
smart_proxy_remote_execution_ssh-0.11.1)