Bug 164388 - explain ssh key distribution through remote commands
Summary: explain ssh key distribution through remote commands
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Docs Reference Guide
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: John Ha
QA Contact: Martin Minar
URL:
Whiteboard: Fixed in the 5.4.0 Release - GA'd 201...
Depends On:
Blocks: sat540-docs
TreeView+ depends on / blocked
 
Reported: 2005-07-27 16:10 UTC by Patrick C. F. Ernzer
Modified: 2016-07-04 00:54 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-10-28 14:57:59 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Patrick C. F. Ernzer 2005-07-27 16:10:36 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040816

Description of problem:
in section '7.2.4. Installing the SSH key' we explain how to install an ssh key manually.

We should really describe how to do this with remote commands

Version-Release number of selected component (if applicable):
RHNref(EN)-3.7-RHI (2005-03-16T12:14)

How reproducible:
Always

Steps to Reproduce:
1. read docs
2. notice lack of sexyness in described way
3. file bug
  

Additional info:

on a more serious note, I suggest we ditch steps 3 through 5 in that section and replace them by the following:

3. Select the systems you want to send the key to (see section SOMEWHERE for instructions on how to select multiple systems or work with groups)
4. Go to the 'System Set Manager'
5. Select 'Run remote commands'
6. enter the following script
#!/bin/sh
cat <<EOF >> /opt/nocpulse/.ssh/authorized_keys
PASTE THE LINE COPIED IN STEP 2 HERE
EOF

e.g.
#!/bin/sh
cat <<EOF >> /opt/nocpulse/.ssh/authorized_keys
ssh-dss AABBAB3NzaC3kc3MABCCBAJ4cmyf5jt/ihdtFbNE1YHsT0np0SYJz7xkA3A1rR1iur24vil6WYjPn0b7S6bt50Y12u4YizTe27NXhlQ3CVzVTG3BTzf4SSZIUlXUzQ0HnPons6STu69TcgbeDhRRbOcD6qBBfl3vJ0tkQ8uDy99WoQzevJNhYgzm7FA3HtmOTAAAAFQDh9mCMu4OHBU8sx9XjVTWJbRgwbQAAAIEAmg2dXCvRI0KuUVCbe9v2z/s8zDOmqVHb79PuJgbeydyB5/u36ujAWlPx3rWmyB88DOmID2urhzoKUUWnZmOUqJ7eXoTbGEcZjZLppOZgzAepw1vUHXfa/L9XiXvsV8K5Qmcu70h0R1gohBIder/1I1QbHMCgfDVFPtfV5eedau4AAACAc99dHbWhk/dMPiWXgHxdI0vT2xSnuozIox2klmfbTeO4Ajn/Ecfxqgs5diat/NIaeoItuGUYepXFoVv8DVL3wpp45EOi02hjmp4j2MYNpc6Pc3nPOVntu6YBv+whB0VrsVzeqX89u23FFjTLGbfYrmMQflNizj8yynGRePIMFhI= root.com
EOF

7. Schedule the command

Comment 1 Todd Warner 2005-07-27 20:25:48 UTC
Great idea. Not for RHN 400. Too late. Maybe a knowledge-base article. Not sure.
rhn-uncommitted for now.

Comment 2 Melissa Goldin 2006-05-04 13:19:21 UTC
Mass adding keyword 'Documentation' to all bugs

Comment 3 Melissa Goldin 2006-07-11 16:26:01 UTC
I think this is definately do-able for the 420 Ref Guide.



Comment 4 Melissa Goldin 2007-02-05 23:03:34 UTC
I'm afraid I ran out of time to get this one in - moving to rhn505-docs

Comment 5 Michael Hideo 2007-06-06 04:48:03 UTC
Adding 'cc ecs-dev-list for tracking

Comment 6 Michael Hideo 2007-06-20 01:32:02 UTC
Moving Bugs to John Ha and assigning.

Re-prioritization meeting on June 20, 7PM EST.

Comment 7 Michael Hideo 2007-10-23 02:52:36 UTC
Removing automation notification

Comment 8 John Ha 2009-02-27 21:23:59 UTC
Agh :( Sorry, ran out of time for this one. uncommitting it for sat530-docs. Maybe in an update?

Comment 9 John Ha 2010-07-13 20:56:07 UTC
So, based on Frank's suggestions, I've rewritten the instructions as follows. Let me know if it is correct or needs changes.

1. Navigate to the Monitoring ⇒ Scout Config Push page on the Satellite
   interface and click the name of the RHN Server that will monitor the
   client system. The SSH id_dsa.pub key is visible on the resulting page.

2. Copy the character string (beginning with ssh-dss and ending with the
   hostname of the RHN Server).
  
3. Select the systems you want to send the key to from the Systems, then
   selecting Systems from the left menu, and finally clicking the checkbox next
   to the systems you want to send the SSH key and click the Manage button at
   the top.
   
4. From the System Set Manager, click Run remote commands, then in the Script
   text box, type the following line:

 #!/bin/sh
 cat <<EOF >> /opt/nocpulse/.ssh/authorized_keys

   Then, press Enter and then paste the SSH Key. The result should look similar
   to the following:

 #!/bin/sh
 cat <<EOF >> /opt/nocpulse/.ssh/authorized_keys                  
 ssh-dss AABBAB3NzaC3kc3MABCCBAJ4cmyf5jt/ihdtFbNE1YHsT0np0SYJz7xk
 hzoKUUWnZmOUqJ7eXoTbGEcZjZLppOZgzAepw1vUHXfa/L9XiXvsV8K5Qmcu70h0
 1gohBIder/1I1QbHMCgfDVFPtfV5eedau4AAACAc99dHbWhk/dMPiWXgHxdI0vT2
 SnuozIox2klmfbTeO4Ajn/Ecfxqgs5diat/NIaeoItuGUYepXFoVv8DVL3wpp45E
 02hjmp4j2MYNpc6Pc3nPOVntu6YBv+whB0VrsVzeqX89u23FFjTLGbfYrmMQflNi
 j8yynGRePIMFhI= root.com
 EOF

5. Set the date and time you want for the action to take place, then click Schedule Remote Command.

Comment 10 Miroslav Suchý 2010-07-16 11:33:34 UTC
changes *highlighted*

 1. Navigate to the Monitoring ⇒ Scout Config Push page on the Satellite
   interface and click the name of the *Scout* that will monitor the
   client system. The SSH id_dsa.pub key is visible on the resulting page.

There is always one scout with the same name as RHN Satellite as Satellite is the default Scout, but you may have infinite number of Proxies each with Scout and you can have Scout on Proxy and no Scout on Satellite.


4. From the System Set Manager, click Run remote commands, then in the Script
   text box, type the following line:

 #!/bin/sh
* cat <<EOF >> ~nocpulse/.ssh/authorized_keys *

older rhnmd has home in /opt/nocpulse, new one has home in /var/lib/nocpulse
path ~nocpulse/.ssh/authorized_keys should expand on both old and new systems to correct path.

Everything else is good.

Comment 11 John Ha 2010-08-24 17:50:05 UTC
Made the corrections from Comment #10 to the latest build of the Satellite Reference Guide:

http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Network_Satellite/5.4/html/Reference_Guide/s1-mon-rhnmd.html#s2-mon-rhnmd-ssh

The changes should be published there in the next 24 hours. Thanks again for the feedback!

Comment 12 Miroslav Suchý 2010-09-06 15:37:55 UTC
John you still had there:
#!/bin/sh
cat <<EOF >> /opt/nocpulse/.ssh/authorized_keys                  
ssh-dss AABBAB3NzaC3kc3MABCCBAJ4cmyf5jt/ihdtFbNE1YHsT0np0SYJz7xk
hzoKUUWnZmOUqJ7eXoTbGEcZjZLppOZgzAepw1vUHXfa/L9XiXvsV8K5Qmcu70h0
1gohBIder/1I1QbHMCgfDVFPtfV5eedau4AAACAc99dHbWhk/dMPiWXgHxdI0vT2
SnuozIox2klmfbTeO4Ajn/Ecfxqgs5diat/NIaeoItuGUYepXFoVv8DVL3wpp45E
02hjmp4j2MYNpc6Pc3nPOVntu6YBv+whB0VrsVzeqX89u23FFjTLGbfYrmMQflNi
j8yynGRePIMFhI= root.com
EOF

There should be:
cat <<EOF >> ~nocpulse/.ssh/authorized_keys

I.e. you fixed one instance of this line, but you missed second instance of that line.

Comment 15 Clifford Perry 2010-10-28 14:57:59 UTC
The 5.4.0 RHN Satellite and RHN Proxy release has occurred. This issue has been resolved with this release. 


RHEA-2010:0801 - RHN Satellite Server 5.4.0 Upgrade
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10332

RHEA-2010:0803 - RHN Tools enhancement update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10333

RHEA-2010:0802 - RHN Proxy Server 5.4.0 bug fix update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10334

RHEA-2010:0800 - RHN Satellite Server 5.4.0
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10335

Docs are available:

http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/index.html 

Regards,
Clifford


Note You need to log in before you can comment on or make changes to this bug.