* ssh, ad nauseum
@ 2001-10-09 14:51 Justin R. Smith
2001-10-09 15:30 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Justin R. Smith @ 2001-10-09 14:51 UTC (permalink / raw)
To: selinux
I'm sure people are tired of hearing this, but...
I rebooted my normal (i.e., non-selinux) kernel and ssh'ed to my office
machine from home and was asked for a password (so it didn't use my
'authorized_users' file). Then I remembered that I didn't restore the
vanilla version of the sshd --- I was still using the selinux version.
I then replaced the selinux sshd with the original one and rebooted.
After this ssh worked normally. So, perhaps something in the selinux
sshd is responsible for my little problem (always having to type a
password to use ssh).
--
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: ssh, ad nauseum
2001-10-09 14:51 ssh, ad nauseum Justin R. Smith
@ 2001-10-09 15:30 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2001-10-09 15:30 UTC (permalink / raw)
To: Justin R. Smith; +Cc: selinux
On 9 Oct 2001, Justin R. Smith wrote:
> I rebooted my normal (i.e., non-selinux) kernel and ssh'ed to my office
> machine from home and was asked for a password (so it didn't use my
> 'authorized_users' file). Then I remembered that I didn't restore the
> vanilla version of the sshd --- I was still using the selinux version.
>
> I then replaced the selinux sshd with the original one and rebooted.
> After this ssh worked normally. So, perhaps something in the selinux
> sshd is responsible for my little problem (always having to type a
> password to use ssh).
This seems unlikely. The SELinux openssh patch merely changes sshd to
set the security context on the pty and to run the user process with
an appropriate security context.
What version of openssh are you running on the home machine and the office
machine? Are you using the stock RH7.1 programs or a newer openssh package?
If the latter, did you try applying our openssh patch to the newer openssh
package and then configuring, building, and installing that modified
openssh in the same manner that you installed the original one? The
patch applies fine to openssh-2.9.9p2 aside from a reject on a spurious
extra line.
When you generated your keys, did you generate keys for protocol 1 or
protocol 2 (default for ssh-keygen is 1, unless you use the -t option)?
If you are using protocol 1, does 'ssh -1 machine' work for you? What
does 'ssh -v -1 machine' show?
--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2001-10-09 15:30 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-10-09 14:51 ssh, ad nauseum Justin R. Smith
2001-10-09 15:30 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.