On 10/26/2016 4:31 PM, Chuck Anderson wrote:
> Most likely all you had to do was fix the labels (or in some cases
> enable a boolean). I say this because SELinux policy should already
> exist to allow /usr/sbin/sshd to access authorized_keys--that is a
> very basic function of a common system
Thanks Chuck. It actually does not matter in this case. The workstation is
in a lab and not widely available outside. However, restorecon may be a
better way. I'll try that on another server.
On Wed, Oct 26, 2016 at 4:31 PM, Chuck Anderson wrote:
> Most likely all you had to do
Not wanting to make Dan Walsh weep all over
me (https://stopdisablingselinux.com/), or worse hit me over the head
with my own mallet, I re-enabled selinux and issued this command (as root):
grep sshd /var/log/audit/audit.log | audit2allow -M mypol
And verified it works.
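
Added example, not part of the thread and not code from any of its participants: a triage of sshd AVC denials before they are piped into audit2allow, separating the ones that a relabel (restorecon) or a boolean would fix from the ones that need to be read first. The log lines are constructed, and the function name and the mapping of target types to actions are assumptions based on the targeted policy's ssh_home_t and nfs_t types.

```python
import re

# Constructed sample lines in audit.log format (not taken from the thread).
SAMPLE_AUDIT = """\
type=AVC msg=audit(1477500000.101:311): avc:  denied  { read } for  pid=16073 comm="sshd" name="authorized_keys" dev="dm-2" ino=131 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1477500000.202:312): avc:  denied  { read } for  pid=16090 comm="sshd" name="authorized_keys" dev="0:41" ino=77 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=file
type=AVC msg=audit(1477500000.303:313): avc:  denied  { name_bind } for  pid=16101 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=USER_AUTH msg=audit(1477500000.404:314): pid=16073 uid=0 auid=4294967295 ses=4294967295 msg='op=password acct="user" exe="/usr/sbin/sshd" res=success'
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value fields of a record
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')  # denied permission set
KEY_FILES = {"authorized_keys", ".ssh"}          # objects sshd reads for key auth


def triage(log_text):
    """Return (name, target_type, perms, action) for each sshd AVC denial."""
    results = []
    for line in log_text.splitlines():
        m = PERMS.search(line)
        if not m:
            continue  # not an AVC denial (e.g. USER_AUTH records)
        f = {k: v.strip('"') for k, v in KV.findall(line)}
        if f.get("comm") != "sshd":
            continue
        ttype = f["tcontext"].split(":")[2]  # user:role:type:level
        name = f.get("name", "")
        if name in KEY_FILES and ttype == "nfs_t":
            action = "boolean: setsebool -P use_nfs_home_dirs on"
        elif name in KEY_FILES and ttype != "ssh_home_t":
            action = "relabel: restorecon -R -v on that user's ~/.ssh"
        else:
            action = "review: not a key-file label issue, read before audit2allow -M"
        results.append((name or "-", ttype, m.group(1).split(), action))
    return results


if __name__ == "__main__":
    for name, ttype, perms, action in triage(SAMPLE_AUDIT):
        print(f"{name:16} {ttype:18} {','.join(perms):10} {action}")
```

A plain grep for sshd would hand all three denials to audit2allow, so the generated module would also allow the unrelated port bind.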
On 10/26/2016 03:07 PM,
It's weird. I can ssh to the workstation as a non-ldap user
ssh -l
And it authenticates properly. But if I ssh to another host at work where I
have the keys set up, it always goes to password.
On Wed, Oct 26, 2016 at 12:14 PM, Guy Gold wrote:
> Jerry,
>
> Interesting.
>
Unfortunately nothing very interesting.
/var/log/secure on target:
Oct 26 08:30:45 jfeldmanws sudo: : TTY=pts/0 ; PWD=/home/ ;
USER=root ; COMMAND=/bin/tail -f /var/log/secure
Oct 26 08:31:15 jtarget sshd[16073]: Accepted password for from
10.18.41.22 port 57384 ssh2
Oct 26
Any interesting details when using:
"ssh -vvv" on the client
while tailing /var/log/auth.log (or /var/log/secure) on the ssh target ?
On 25 October 2016 at 14:13, Jerry Feldman wrote:
> I have a situation using rsa keys from an ldap user id.
> I have checked the
On 10/25/2016 2:13 PM, Jerry Feldman wrote:
> Also note that I can ssh into the BLU servers as my ldap user, but the BLU
> servers use a local user name, so there is some system setting on the
> target machine (not SELINUX) that I am missing.
You may have run into a catch-22 with access control
I have a situation using rsa keys from an ldap user id.
I have checked the permissions of my home directories, ~/.ssh, as well as
~/.ssh/authorized_keys.
For instance, I am logged into my laptop and ssh into the workstation at
my desk, and it always prompts me for my password.
On the same