Hi David,
On 2020-03-08 15:30, David Woodyard wrote:
>> I am on Fedora 30 and rex 1.5
FYI, you can now use `dnf -y update Rex --enable-repo=updates-testing`
to install Rex-1.8.2 (current latest) from the updates-testing repos.
Domonic Hopf, the package maintainer, is also looking for feedback/karma
on this link:
https://bodhi.fedoraproject.org/updates/FEDORA-2020-2ad1ed20ac
>> I have a systemd process that runs a perl script.
I don't have a systemd machine at hand, but I assume the following:
systemd runs as the root user, and and it runs your perl script as root
user too.
>> qx{rex -f /home/G/rexfile -H RemoteComputer TaskName};
If th above assumptions are true, then I guess this line is being run as
root too. So by default, rex would look for ssh keys of root. That may
or may not what you want to use.
>> I use key_auth only.
I would recommend running rex from your perl script under systemd with
the debug flag, and it should print the authentication details out. It
should not contains sensitive info like passwords, etc., but please
double check and if its fine, post it to some kind of paste service.
Then share the link with us here or IRC, so more people can look at it.
>> It never tries to use key_auth or at least not correctly.
My hypothesis is that it runs as a different user under systemd and
manually on the command line. And because of that, it picks up the wrong
set of ssh keys.
>> running the rex command from command line works correctly.
Is this successful run being executed as a different user than the perl
script in systemd uses?
>I tested several settings and have concluded that when I tries to read
>the
>config file in the user directory (.ssh of course).
>Not always but several times it displayed a permission error for that file.
>I changed it to 777 and that did not help.
By default, ssh blocks using ssh keys if the ownership and permissions
of the key directory are not correct, so I expect `777` would not work
at all (well, at least not without disabling StrictMode ssh configs).
>Rex does knows the user name, computer name the private/public files
>and
>that it should be using key_auth.
I believe you mean the user rex uses to connect to the remote machine.
And I mean the user in whose name rex is being run as a process. These
might be different when run on the command line as a user, and when run
from systemd.
>The debug info that start with the following:
>
>
>> OpenSSH options:
>> [2020-03-08 16:45:41] DEBUG - $VAR1 = [
Yep, that full debug output would be helpful to better understand what's
happening.
>> does not convert the computer name to an ip address or set the port
>> to any
>number.
I'm not sure I fully understand what this means, but it might also
indicate that the rex command might be being executed as a different
user under systemd than the user used to execute it from the command
line.
>any ideas for further testing will be appreciated,
If you need further help, please ping us on IRC. There are more people
who might help further debugging this, and probably in a more effective
way.
cheers,
FErki