Remote execution fails with error: Authentication failed for user root@1.2.3.4

Solution Unverified - Updated 17 Jun 2024

Environment

Red Hat Satellite 6

Issue

Remote execution (REX) fails with error: Authentication failed for user root@1.2.3.4

Resolution

To fix it, copy key from your satellite server to target host by:

# ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub <root@targethost>

For more information about REX, refer to the Host configuration guide

For more KB articles/solutions related to Red Hat Satellite 6.x Remote Execution Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Remote Execution Issues

Root Cause

Missing keys for remote connection from the Satellite/Capsule server to target host.
Keys copied from a different capsule than that of the keys copied. Example: SSH keys were copied from Capsule1, where the actual REX job is trying to execute through a different capsule i.e. Capsule2.
To specify the same capsule every time during a REX job see How to Specify the Capsule to Use for Remote Execution (ssh)
SSH keys deployed onto the target hosts must be owned by foreman-proxy user and should have permissions as shows below.

# ls -ld /usr/share/foreman-proxy/.ssh/
drwx------. 2 foreman-proxy foreman-proxy 85 Feb 14 11:45 /usr/share/foreman-proxy/.ssh/

# ls -l /usr/share/foreman-proxy/.ssh/
total 12
-rw-------. 1 foreman-proxy foreman-proxy 1675 Feb 27  2018 id_rsa_foreman_proxy
-rw-r--r--. 1 foreman-proxy foreman-proxy  428 Feb 27  2018 id_rsa_foreman_proxy.pub
-rw-r--r--. 1 foreman-proxy foreman-proxy 1693 Feb 14 11:26 known_hosts

NOTE: If SSH keys are deployed onto a different location and with a different name then foreman-proxy user would unable to SSH into the target host and inturn the REX execution would fail.

Diagnostic Steps

Check the dynflow task from Monitor >> Tasks >> click on the REX task >> click Dynflow Console button >> click on Actions::Proxy Action step which should show the following

ssh_user: root
effective_user: root
effective_user_method: sudo
ssh_port: 22
hostname: client.example.com
script: uptime
execution_timeout_interval: 
connection_options:
  retry_interval: 15
  retry_count: 4
  timeout: 60
proxy_url: https://capsule.example.com:9090  ---> this setting governs which capsule to use for REX job execution.
proxy_action_name: ForemanRemoteExecutionCore::Actions::RunScript
locale: en

Remote execution fails with error like:

Error initializing command #<Proxy::RemoteExecution::Ssh::Dispatcher::Command:0x007f680c0853b0>
Net::SSH::AuthenticationFailed Authentication failed for user root@1.2.3.4
Exit status: EXCEPTION

SBR

SysMgmt

Product(s)

Red Hat Satellite

Components

foreman

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.