Bug 1461582

Summary: 12.1 ESTABLISHING A SECURE CONNECTION FOR REMOTE COMMANDS
Product: Red Hat Satellite Reporter: Chuck Mead <csm>
Component: Docs Host Configuration GuideAssignee: Chris Roberts <chrobert>
Status: CLOSED CURRENTRELEASE QA Contact: Russell Dickenson <rdickens>
Severity: high Docs Contact:
Priority: medium    
Version: 6.2.9CC: chrobert, csm, rdickens, tcarlin
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-19 23:46:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1724792    

Description Chuck Mead 2017-06-14 20:42:38 UTC 
Document URL: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/host_configuration_guide/chap-host_configuration_guide-running_remote_jobs_on_satellite_hosts

Section Number and Name: DISTRIBUTING THE SSH KEYS FOR REMOTE EXECUTION

Describe the issue: The text suggests we use "ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub root.com" to distribute the key to client machines. When ssh-copy-id exits it suggests that the success of the command be evaluated by immediately initiating a ssh connection to the same host. 

Suggestions for improvement: The only problem with the above is that what is suggested by ssh-copy-id is the wrong test. 

This is the correct test:

"ssh -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy root.com"

We should add some verbiage into this section that clarifies the issue.


Additional information:
Comment 1 Chris Roberts 2017-07-10 07:59:15 UTC 
Chuck,

It looks like it has already been fixed by the 6.3 docs:

    <listitem>
       <para>
         To distribute keys manually, execute the following command on the Capsule:
       </para>
       <screen># ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub <replaceable>root.com</replaceable></screen>
       <para>
         Here <replaceable>target.example.com</replaceable> is the host name of the target host. Repeat for each target host you want to manage.
       </para>

Let me know if that works for you
Comment 2 Chuck Mead 2017-07-10 15:07:14 UTC 
I'm not sure if this fixes it or not.

The ssh-copy-id command returns text to the screen when it completes. This text is a suggestion of a command the user may use to test (evaluate) whether the ssh-copy-id command they just ran was successful. It's that text that is wrong for our purposes. Does this fix in the docs make that clear?
Comment 3 Chris Roberts 2017-07-10 15:45:56 UTC 
Chuck,

I can add a section after the copy-id to test if the key works run your command, would that work?
Comment 4 Chris Roberts 2017-07-11 07:47:04 UTC 
Chuck,

Nevermind I will go with that it makes sense for a good test ignore comment #3 clearing the needinfo.
Comment 5 Chris Roberts 2017-07-18 06:26:46 UTC 
Merge request opened:

https://gitlab.cee.redhat.com/satellite-6-documentation/user-guide/merge_requests/78

Russell can you do a review and merge please if it looks good :)