 |
Apparently this is an upstream bug (or "feature"?): http://www.mail-archive.com/linux-390@vm.marist.edu/msg58510.html |
|
|
I've added a line about that in the "known issues" of the release notes. |
|
|
Thanks Wolfy, at least the user has now access to sufficient information to find the root cause of the issue and apply a workaround. There's probably nothing CentOS team can do to fix this if the upstream decides to shove it under the carpet, I reckon. |
|
|
I can confirm that running the command: restorecon -R -v /root/.ssh or restorecon -R -v ~$USER/.ssh "fixes" this issue. I believe this is due to the policy in /etc/selinux/targeted/contexts/users/root Either way - this is an upstream issue, and I believe we should close this ticket. Also, running restorecond will automatically restore the context of this folder should you create these files be created :) |
|
|
For what is worth, ssh-copy-id includes ( since C6 ): { eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1 For the selinux illiterate: the files (mind that directories are also files !) modified by the command have their selinux context properly set to the correct value. |
|
|
The bug also occurs when SeLinux is in DISABLED mode. It's very annoying for people d'ont wanting to activate selinux |
|
|
The bug CANNOT occur if selinux is disabled. You have another issue which might look similar but is different. |
|
|
Sorry, after reading again my authorized_keys file, i left an extra characters in it. I confirm that work with elinux disabled. |
|
|
It also works with selinux enabled when proper contexts are used for the files. |
|
|
More data (fresh install), this is from /var/log/secure: Aug 31 09:31:31 cowfish sshd[5777]: pam_selinux(sshd:session): conversation failed Aug 31 09:31:31 cowfish sshd[5777]: pam_selinux(sshd:session): No response to query: Would you like to enter a security context? [N ] Aug 31 09:31:31 cowfish sshd[5777]: pam_selinux(sshd:session): Unable to get valid context for root Aug 31 09:31:31 cowfish sshd[5777]: pam_unix(sshd:session): session opened for user root by (uid=0) Aug 31 09:33:43 cowfish login: pam_unix(login:session): session closed for user root |
|
|
dmaziuk: you have not provided enough information so I have no idea what specific situation triggered the report from your logs but it cannot be due to the initial problem reported as this bug ( #4959 ). A fresh install does not contain any data in the .ssh/* files, so this specific "bug" ( and I used quotes because it is NOT a bug but a known issue -- or change in the policy enforced by upstream) cannot occur. |
 |
imho this entry should be closed: not a bug but OP error. |
|
|
Oh please. Doesn't everybody copy authorized_keys over to /root/.ssh and set PermitRootLogin to without-password in sshd_config first thing after the initial "remove the cd and reboot"? Don't assume everyone is dumber than you are: I posted it here because the specific situation that produced those log entries was selinux preventing ssh login exactly as described in this bug report. |
 |
As stated by tru, this ticket should have been closed much earlier. Now doing it (closing as "resolved"). |
- Anonymous
