Bug 1851382

Summary: SSH debug logging doesn't show any useful data
Product: Red Hat Satellite Reporter: Adam Ruzicka <aruzicka>
Component: Remote ExecutionAssignee: Adam Ruzicka <aruzicka>
Status: CLOSED ERRATA QA Contact: Peter Ondrejka <pondrejk>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.7.0CC: aruzicka, inecas
Target Milestone: 6.9.0Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: tfm-rubygem-foreman_remote_execution_core-1.3.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-21 13:15:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Adam Ruzicka 2020-06-26 11:54:24 UTC 
Description of problem:
When ssh debug logging is enabled, it prints only the facility which emitted the message, not the message itself.

Version-Release number of selected component (if applicable):
rubygem-smart_proxy_remote_execution_ssh-0.3.0-3
rubygem-foreman_remote_execution_core-1.3.0-1


How reproducible:
Always


Steps to Reproduce:
1. Set ssh_log_level to debug in /etc/smart_proxy_dynflow_core/settings.d/remote_execution_ssh.yml
2. Restart smart_proxy_dynflow_core
3. Run a REX job
4. Watch /var/log/foreman-proxy/smart_proxy_dynflow_core.log

Actual results:
The log contains logs like 
socket[2abe13ae57f8]socket[2abe13ae57f8]net.ssh.connection.session[3fcbf60ee3e8]net.ssh.connection.channel[3fcbf6108dec]socket[2abe13ae57f8]net.ssh.connection.channel[3fcbf6108dec]socket[2abe13ae57f8]socket[2abe13ae57f8

(also hitting BZ1851379)

It does not show what is actually supposed to be logged, only that a session or a channel emitted a log message.

Expected results:
Log messages like
net.ssh.transport.algorithms[2b0600e23494]: negotiating algorithms
net.ssh.transport.algorithms[2b0600e23494]: negotiated:
* kex: ecdh-sha2-nistp521
* host_key: ecdsa-sha2-nistp256
* encryption_server: aes256-ctr
* encryption_client: aes256-ctr
* hmac_client: hmac-sha2-512-etm
* hmac_server: hmac-sha2-512-etm
* compression_client: none
* compression_server: none
* language_client: 
* language_server:


Additional info:
Comment 1 Adam Ruzicka 2020-06-26 12:20:53 UTC 
Created redmine issue http://projects.theforeman.org/issues/30225 from this bug
Comment 2 Bryan Kearney 2020-07-04 20:04:36 UTC 
Upstream bug assigned to aruzicka
Comment 3 Bryan Kearney 2020-07-04 20:04:38 UTC 
Upstream bug assigned to aruzicka
Comment 4 Peter Ondrejka 2020-12-09 14:47:45 UTC 
Verified on Satellite 6.9 snap 4, ssh debug logs are stored as expected. However, there is side effect occurring on FIPS-enabled machines, separate bug created here https://bugzilla.redhat.com/show_bug.cgi?id=1906023
Comment 7 errata-xmlrpc 2021-04-21 13:15:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.9 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1313