[Satellite 6] How to generate new SSH keys for Remote Execution feature.
Environment
Red Hat Satellite 6.5 and newer
Issue
New SSH keys for remote execution are required.
Resolution
Generate new SSH keys
# sudo -u foreman-proxy -s /bin/bash
# cd ~
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/usr/share/foreman-proxy/.ssh/id_rsa): /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy
/usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy.
Your public key has been saved in /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy.pub.
Restart the foreman-proxy service
# systemctl restart foreman-proxy
Refresh Capsule features
# hammer capsule list
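---|-----------------------|------------------------------------|--------------------------
ID | NAME                  | URL                                | FEATURES
---|-----------------------|------------------------------------|--------------------------
1  | satellite.example.com | https://satellite.example.com:9090 | Templates, Pulp, TFTP,...
2  | capsule.example.com   | https://capsule.example.com:9090   | Templates, Pulp, TFTP,...
---|-----------------------|------------------------------------|--------------------------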
# hammer capsule refresh-features --id 1
Smart proxy features were refreshed.
For more KB articles/solutions related to Red Hat Satellite 6.x Remote Execution Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Remote Execution Issues
Root Cause
Generating new SSH keys is not enough for Satellite. The foreman-proxy service must also be restarted and the features refreshed on the Capsule. Without these steps the new public key is not loaded into the database, and all new clients receive an orphaned public SSH key.
Diagnostic Steps
Verify that the public key in the database and the one on the filesystem are the same
# cat /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJTrp2wmlyQ1kFcjS7VZy4RNWJ16gxZTmsAmNIodPSDqt1k5Zrp2fg7NmTDXZQQFhYS5Z2w0rpmkmtSsjtPqoyToYmqs9M8fsFIbCmeBYQfRtfu3nxySovlWLrdoOTO81x8EHNSJ3u5hEy3Q286looSoSHfC89akjgC+aC8iA+UqE+04ilrmNr2NFLY6fKDcL6/GU1jxkTl6pCLhd5qTGZzFZZKR6GIb/hDAUNvTC3GmJMrS1oROuAMLIhbObFFzIb6PeW7qU+uB771PAdzfrYCIgbO3blHjLBrC+/CNElJQgqsk1+/Ya8r5KVu8Msa1pg0uWJlZzspne5hap1EN/DzOolArtB54/CAzQvannxuREqPgRBxpJLhg9e331MKFF9CXP6Io7YHIlv9lD/1li6v9fO7To4LNqnUCecN7ebnybNjkBf7jCkLGixl/aMLA+U7VYyYa1NCJFWIfPnq1azRxlxWEFRl5KSh5qUR0ghJBMc+VjuQAysjwIPE29SpFSXfcT4XJnBWvHIlASEQGNhKA2RwM9G/5/+cL4aRAEs13mb0HTuqII8VfrSy8yshuwF4QobGwNoqo46GbeW1CyNruLJzvYeuliy7MYCCFfSlztACTNRXh8OHPODuDilipJfr1ZwmimeR0g8CbgNatwdHOxNd1qg1LS7YxUkijcyxQ== foreman-proxy@satellite.example.com
# su - postgres -c "psql foreman -c\"select id, name, pubkey from smart_proxies;\""
 id |         name          | pubkey
----+-----------------------+--------
  1 | satellite.example.com | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJTrp2wmlyQ1kFcjS7VZy4RNWJ16gxZTmsAmNIodPSDqt1k5Zrp2fg7NmTDXZQQFhYS5Z2w0rpmkmtSsjtPqoyToYmqs9M8fsFIbCmeBYQfRtfu3nxySovlWLrdoOTO81x8EHNSJ3u5hEy3Q286looSoSHfC89akjgC+aC8iA+UqE+04ilrmNr2NFLY6fKDcL6/GU1jxkTl6pCLhd5qTGZzFZZKR6GIb/hDAUNvTC3GmJMrS1oROuAMLIhbObFFzIb6PeW7qU+uB771PAdzfrYCIgbO3blHjLBrC+/CNElJQgqsk1+/Ya8r5KVu8Msa1pg0uWJlZzspne5hap1EN/DzOolArtB54/CAzQvannxuREqPgRBxpJLhg9e331MKFF9CXP6Io7YHIlv9lD/1li6v9fO7To4LNqnUCecN7ebnybNjkBf7jCkLGixl/aMLA+U7VYyYa1NCJFWIfPnq1azRxlxWEFRl5KSh5qUR0ghJBMc+VjuQAysjwIPE29SpFSXfcT4XJnBWvHIlASEQGNhKA2RwM9G/5/+cL4aRAEs13mb0HTuqII8VfrSy8yshuwF4QobGwNoqo46GbeW1CyNruLJzvYeuliy7MYCCFfSlztACTNRXh8OHPODuDilipJfr1ZwmimeR0g8CbgNatwdHOxNd1qg1LS7YxUkijcyxQ== foreman-proxy@satellite.example.com
(1 row)
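The comparison above can be scripted so that a stale database key is reported instead of being compared by eye. This is an added example, not part of the original article: the helper names check_proxy_key and normalize_pubkey are hypothetical, and it assumes psql's unaligned output (-At) and that the key file belongs to the Capsule named on the command line.

```shell
# Added example (not from the original article). Helper names are hypothetical.
# Compares only key type and base64 blob; the trailing comment is ignored.

# Reduce an OpenSSH public key line on stdin to "<type> <blob>".
normalize_pubkey() {
    awk 'NF >= 2 { print $1, $2; exit }'
}

# Usage: check_proxy_key KEYFILE PROXY_NAME < rows
# rows are "id|name|pubkey" lines, as printed by psql -At.
# Returns 0 on match, 1 on mismatch (stale key in database),
# 2 if KEYFILE is unusable, 3 if PROXY_NAME has no row.
check_proxy_key() {
    local keyfile=$1 proxy=$2 disk db id name pubkey
    [ -r "$keyfile" ] || { echo "ERROR: cannot read $keyfile" >&2; return 2; }
    disk=$(normalize_pubkey < "$keyfile")
    [ -n "$disk" ] || { echo "ERROR: no public key in $keyfile" >&2; return 2; }
    while IFS='|' read -r id name pubkey; do
        [ "$name" = "$proxy" ] || continue
        db=$(printf '%s\n' "$pubkey" | normalize_pubkey)
        if [ "$db" = "$disk" ]; then
            echo "MATCH: database key for $name (id $id) equals $keyfile"
            return 0
        fi
        echo "MISMATCH: database key for $name (id $id) differs from $keyfile"
        echo "Restart foreman-proxy, then: hammer capsule refresh-features --id $id"
        return 1
    done
    echo "ERROR: no smart_proxies row named $proxy" >&2
    return 3
}

# On the Satellite server, as root:
#   su - postgres -c "psql -At foreman -c \"select id, name, pubkey from smart_proxies;\"" \
#     | check_proxy_key /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy.pub satellite.example.com
```

A non-zero exit status makes the check usable from a monitoring job after key rotation.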