Bug 1461582 - 12.1 ESTABLISHING A SECURE CONNECTION FOR REMOTE COMMANDS
12.1 ESTABLISHING A SECURE CONNECTION FOR REMOTE COMMANDS
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Docs Host Configuration Guide (Show other bugs)
6.2.9
All Linux
medium Severity high (vote)
: 6.2.11
: 6.2
Assigned To: Chris Roberts
Russell Dickenson
:
Depends On:
Blocks: 1542093
  Show dependency treegraph
 
Reported: 2017-06-14 16:42 EDT by Chuck Mead
Modified: 2018-02-05 09:56 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-07-19 19:46:39 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chuck Mead 2017-06-14 16:42:38 EDT
Document URL: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/host_configuration_guide/chap-host_configuration_guide-running_remote_jobs_on_satellite_hosts

Section Number and Name: DISTRIBUTING THE SSH KEYS FOR REMOTE EXECUTION

Describe the issue: The text suggests we use "ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub root@target.example.com" to distribute the key to client machines. When ssh-copy-id exits it suggests that the success of the command be evaluated by immediately initiating a ssh connection to the same host. 

Suggestions for improvement: The only problem with the above is that what is suggested by ssh-copy-id is the wrong test. 

This is the correct test:

"ssh -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy root@target.example.com"

We should add some verbiage into this section that clarifies the issue.


Additional information:
Comment 1 Chris Roberts 2017-07-10 03:59:15 EDT
Chuck,

It looks like it has already been fixed by the 6.3 docs:

    <listitem>
       <para>
         To distribute keys manually, execute the following command on the Capsule:
       </para>
       <screen># ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub <replaceable>root@target.example.com</replaceable></screen>
       <para>
         Here <replaceable>target.example.com</replaceable> is the host name of the target host. Repeat for each target host you want to manage.
       </para>

Let me know if that works for you
Comment 2 Chuck Mead 2017-07-10 11:07:14 EDT
I'm not sure if this fixes it or not.

The ssh-copy-id command returns text to the screen when it completes. This text is a suggestion of a command the user may use to test (evaluate) whether the ssh-copy-id command they just ran was successful. It's that text that is wrong for our purposes. Does this fix in the docs make that clear?
Comment 3 Chris Roberts 2017-07-10 11:45:56 EDT
Chuck,

I can add a section after the copy-id to test if the key works run your command, would that work?
Comment 4 Chris Roberts 2017-07-11 03:47:04 EDT
Chuck,

Nevermind I will go with that it makes sense for a good test ignore comment #3 clearing the needinfo.
Comment 5 Chris Roberts 2017-07-18 02:26:46 EDT
Merge request opened:

https://gitlab.cee.redhat.com/satellite-6-documentation/user-guide/merge_requests/78

Russell can you do a review and merge please if it looks good :)

Note You need to log in before you can comment on or make changes to this bug.