Project

General

Profile

Bug #6022

puppetssh fails due to host key prompt when trying to do puppetrun

Added by Stephen Herd about 5 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Puppet
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

I've configured settings.yml to allow puppet runs over ssh

But on the remote server I just get "Connection Closed by x.x.x.x". After playing around with things manually (enabling login for foreman-proxy and running commands myself), I discovered that foreman-proxy was silently failing because of the host key prompt.

I added:
cmd = []
cmd.push(which('sudo')) if SETTINGS.puppetssh_sudo
cmd.push(which('ssh'))
cmd.push("-o StrictHostKeyChecking=no")
cmd.push("-l", "#{SETTINGS.puppetssh_user}") if SETTINGS.puppetssh_user

in

foreman-proxy/lib/proxy/puppet/puppet_ssh.rb

and everything seems to work correctly.

Associated revisions

Revision 846218ef (diff)
Added by Michael Moll about 2 years ago

Fixes #6022 - disable StrictHostKeyChecking

History

#1 Updated by Dominic Cleal about 5 years ago

  • Project changed from Foreman to Smart Proxy
  • Subject changed from puppetssh silently fails when trying to do puppetrun to puppetssh fails due to host key prompt when trying to do puppetrun
  • Category changed from Puppet integration to Puppet
  • Priority changed from High to Normal

#2 Updated by Royee Tager almost 4 years ago

Hi,

Do you have any updates regarding this issue?

#3 Updated by Francois Laupretre almost 3 years ago

Hi,

Fix for version 1.12.1 :

--- puppet_proxy_ssh_main.rb    2016-07-22 15:16:46.000000000 +0200
+++ puppet_proxy_ssh_main.rb.new        2016-08-09 11:19:55.241114989 +0200
@@ -28,6 +28,7 @@
     end
     cmd.push(ssh_path)

+    cmd.push('-o', 'StrictHostKeyChecking=no')
     cmd.push("-l", user) if user

     if keyfile_path

Without option, you must 'ssh' to every client manually from foreman proxy before being able to launch a remote command. So, in practice, 'StrictHostKeyChecking=no' is mandatory and should, IMHO, be inserted in the code.

#4 Updated by The Foreman Bot about 2 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Michael Moll
  • Pull request https://github.com/theforeman/smart-proxy/pull/528 added

#5 Updated by Michael Moll about 2 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF