Description of problem: If an user generates a ssh key with ed25519 algorithm and uses this key to perform a remote execution via the Satellite, the Dynflow flow task will fail silently and hang indefinitely. Version-Release number of selected component (if applicable): 6.5 How reproducible: When using a key type not supported by the ruby net/ssh. Steps to Reproduce: 1. Generate a ed25519 ssh key su - -s /bin/bash foreman-proxy ssh-keygen -t ed25519 -C "test_key" cd .ssh mv id_ed25519.pub id_rsa_foreman_proxy.pub mv id_ed25519 id_rsa_foreman_proxy 2. Copy the public key to the target machine. 3. Trigger a remote execution job via Satellite web UI. Actual results: Task hang indefinitely or until the job timeout Expected results: Catch the error and the task should fail with proper error message. Additional info: The reason that the job hang is the 'NoImplementError' is not inheriting the 'StandardError' so no exception is caught. irb(main):014:0* begin irb(main):015:1* raise NotImplementedError, "Testing" irb(main):016:1> rescue Exception irb(main):017:1> p "Caught you!" irb(main):018:1> end "Caught you!" => "Caught you!" irb(main):019:0> begin irb(main):020:1* raise NotImplementedError, "Testing" irb(main):021:1> rescue irb(main):022:1> p "Caught you!" irb(main):023:1> end NotImplementedError: Testing from (irb):20 from /usr/bin/irb:12:in `<main>' I attached a script to test run the ssh command directly which helped to reproduce the error. su - -s /bin/bash foreman-proxy scl enable tfm "ruby /tmp/ssh_cmd.rb my-target.example.com root 'sudo sh -c uptime'" <snip> D, [2019-09-01T17:30:15.600578 #25120] DEBUG -- net.ssh.authentication.session[a6c020]: trying publickey Traceback (most recent call last): 14: from /tmp/ssh_cmd.rb:28:in `<main>' 13: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh.rb:237:in `start' 12: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/session.rb:66:in `authenticate' 11: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/session.rb:66:in `each' 10: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/session.rb:80:in `block in authenticate' 9: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/methods/publickey.rb:19:in `authenticate' 8: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/key_manager.rb:101:in `each_identity' 7: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/key_manager.rb:217:in `load_identities' 6: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/key_manager.rb:217:in `map' 5: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/key_manager.rb:221:in `block in load_identities' 4: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/key_factory.rb:84:in `load_public_key' 3: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/key_factory.rb:103:in `load_data_public_key' 2: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/buffer.rb:242:in `read_key' 1: from /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/buffer.rb:275:in `read_keyblob' /opt/theforeman/tfm/root/usr/share/gems/gems/net-ssh-4.0.1/lib/net/ssh/authentication/ed25519_loader.rb:19:in `raiseUnlessLoaded': unsupported key type `ssh-ed25519' (NotImplementedError) net-ssh requires the following gems for ed25519 support: * rbnacl (>= 3.2, < 5.0) * rbnacl-libsodium, if your system doesn't have libsodium installed. * bcrypt_pbkdf (>= 1.0, < 2.0) See https://github.com/net-ssh/net-ssh/issues/478 for more information Gem::MissingSpecError : "Could not find 'rbnacl' (< 5.0, >= 3.2.0) among 202 total gem(s)
Also raised a RFE bug 1747751 to support ed25519 key
Created attachment 1610472 [details] ssh ruby test script
Created redmine issue https://projects.theforeman.org/issues/27769 from this bug
Fix for this was just merged upstream, proposing for 6.10.
Verified on Satellite 6.10 snap 13, using ed25519 as an unsupported key (as 1747751 didn't get in yet). Rex job no longer hangs, it exits with the following message Error initializing command: NotImplementedError - unsupported key type `ssh-ed25519' net-ssh requires the following gems for ed25519 support: * rbnacl (>= 3.2, < 5.0) * rbnacl-libsodium, if your system doesn't have libsodium installed. * bcrypt_pbkdf (>= 1.0, < 2.0) See https://github.com/net-ssh/net-ssh/issues/478 for more information Gem::MissingSpecError : "Could not find 'rbnacl' (>= 3.2.0, < 5.0) among 258 total gem(s) Checked in 'GEM_PATH=/opt/theforeman/tfm/root/usr/share/gems:/usr/share/foreman-proxy/.gem/ruby:/opt/rh/rh-ruby27/root/usr/share/gems:/opt/rh/rh-ruby27/root/usr/local/share/gems', execute `gem env` for more information" Exit status: EXCEPTION
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.10 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:4702