Re: [Discuss] ssh with rsa keys and ldap

2016-10-29 Thread Matthew Gillen
On 10/26/2016 4:31 PM, Chuck Anderson wrote: > Most likely all you had to do was fix the labels (or in some cases > enable a boolean). I say this because SELinux policy should already > exist to allow /usr/sbin/sshd to access authorized_keys--that is a > very basic function of a common system

Re: [Discuss] ssh with rsa keys and ldap

2016-10-27 Thread Jerry Feldman
Thanks Chuck. It actually does not matter in this case. The workstation is in a lab and not widely available outside. However, restorecon may be a better way. I'll try that on another server. On Wed, Oct 26, 2016 at 4:31 PM, Chuck Anderson wrote: > Most likely all you had to do

Re: [Discuss] ssh with rsa keys and ldap

2016-10-26 Thread Jerry Feldman
Not wanting to make Dan Walsh weep all over me (https://stopdisablingselinux.com/), or worse hit me over the head with my own mallet, I re-enabled selinux and issued this command (as root): grep sshd /var/log/audit/audit.log | audit2allow -M mypol And verified it works. On 10/26/2016 03:07 PM,

Re: [Discuss] ssh with rsa keys and ldap

2016-10-26 Thread Jerry Feldman
It's weird. I can ssh to the workstation as a non-ldap user ssh -l And it authenticates properly. But if I ssh to another host at work where I have the keys set up, it always goes to password. On Wed, Oct 26, 2016 at 12:14 PM, Guy Gold wrote: > Jerry, > > Interesting. >

Re: [Discuss] ssh with rsa keys and ldap

2016-10-26 Thread Jerry Feldman
Unfortunately nothing very interesting. /var/log/secure on target: Oct 26 08:30:45 jfeldmanws sudo: : TTY=pts/0 ; PWD=/home/ ; USER=root ; COMMAND=/bin/tail -f /var/log/secure Oct 26 08:31:15 jtarget sshd[16073]: Accepted password for from 10.18.41.22 port 57384 ssh2 Oct 26

Re: [Discuss] ssh with rsa keys and ldap

2016-10-25 Thread Guy Gold
Any interesting details when using: "ssh -vvv" on the client while tailing /var/log/auth.log (or /var/log/secure) on the ssh target ? On 25 October 2016 at 14:13, Jerry Feldman wrote: > I have a situation using rsa keys from an ldap user id. > I have checked the

Re: [Discuss] ssh with rsa keys and ldap

2016-10-25 Thread Rich Pieri
On 10/25/2016 2:13 PM, Jerry Feldman wrote: > Also note that I can ssh into the BLU servers as my ldap user, but the BLU > servers use a local user name. So, there is some system setting on the > target machine (not SELINUX) that I am missing. You may have run into a catch-22 with access control

[Discuss] ssh with rsa keys and ldap

2016-10-25 Thread Jerry Feldman
I have a situation using rsa keys from an ldap user id. I have checked the permissions of my home directories, ~/.ssh, as well as ~/.ssh/authorized_keys. For instance, I am logged into my laptop and ssh into the workstation at my desk, and it always prompts me for my password. On the same