The ssh-copy-id command fails with error "No identities found" when distributing ssh key of foreman-proxy user in Red Hat Satellite 6

Solution Verified - Updated

Environment

  • Red Hat Satellite 6
  • Red Hat Capsule 6

Issue

  • The ssh-copy-id command fails with the following error.

    [root@satellite ~]# ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub rexuser@172.28.yy.xx
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy.pub"
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy.pub"
/usr/bin/ssh-copy-id: ERROR: No identities found

Resolution

Follow the steps from Diagnostic Steps and confirm the availability of the SSH private key file of the foreman-proxy user on the affected Satellite/Capsule server.

Scenario 1:

If the SSH private key file exists and is valid, then

  • Execute the following command to regenerate the public key file on the affected Satellite/Capsule server.

    # su foreman-proxy -s /bin/bash -c 'set -e; \
   keyfile="$HOME/.ssh/id_rsa_foreman_proxy"
   pubkey="$(ssh-keygen -y -f "$keyfile")"
   echo "$pubkey $USER@$(hostname -f)" | tee "$keyfile".pub'

  • Fix the permissions\ownership and restart the applicable services:

    # chmod 644 /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy.pub 
# chown foreman-proxy:foreman-proxy /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy.pub 
# restorecon -RFv /var/lib/foreman-proxy/ssh/
# systemctl restart foreman-proxy

  • Once done, the ssh-copy-id command will start functioning as expected and the remote-execution jobs will be executed properly as well.

Scenario 2:

If both the SSH private and public key files are corrupted or missing for the foreman-proxy user, then

  • Follow the steps from this solution article to generate a new pair of ssh-keys for the foreman-proxy user of the affected Satellite\Capsule server.

  • Re-distribute the new SSH public key to the client hosts from the affected Satellite\Caspsule server by following this solution article or using any other methods.

 

Reach out to This content is not included.Red Hat Technical Support for any further assistance or clarifications required.

Root Cause

The public key file i.e /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy.pub got deleted by mistake or having no content inside it.
Hence the ssh-copy-id command was unable to detect a valid ssh public key to share with the target system.

Diagnostic Steps

  • Execute the following commands on the affected Satellite or capsule server to identify whether the ssh public key is missing or not.

    # curl -s https://$(hostname -f):9090/ssh/pubkey
# cat ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub
# su - postgres -c 'psql foreman -c "select id,name,url,pubkey from smart_proxies;"'

  • Ensure that the ssh private key of the foreman-proxy user is intact and the public key information is retrievable from it.

    # cat ~foreman-proxy/.ssh/id_rsa_foreman_proxy
# file ~foreman-proxy/.ssh/id_rsa_foreman_proxy
# ssh-keygen -y -f ~foreman-proxy/.ssh/id_rsa_foreman_proxy
SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.