Re: [Users] SSH MAC corrupt (Re: Did you get ovirt working?)

2013-12-18 Thread Gabi C
my bad! sorry!


On Wed, Dec 18, 2013 at 12:03 PM, Fabian Deutsch  wrote:

> On Wednesday, 18.12.2013, at 03:16 -0500, Antoni Segura Puimedon wrote:
> >
> > - Original Message -
> > > From: "Gabi C"
> > > To: "Garry Tiedemann", users@ovirt.org
> > > Sent: Wednesday, December 18, 2013 7:26:16 AM
> > > Subject: Re: [Users] SSH MAC corrupt (Re: Did you get ovirt working?)
> > >
> > > Hello!
> > > I was just about to reply to the list! :-)
> > > I moved to oVirt Node - 3.0.3 - 1.1.fc19 on both nodes and updated the
> > > engine to 3.3.2-1.fc19 and it is working now. For the nodes I performed a
> > > clean install (i.e. I had to reinitialize the array - ServeRaid controller)
> > > and the only bug I encountered was the one related to ssh-selinux,
> > > circumvented by setenforce 0.
> > > Of course, every time I reboot nodes I had to go to console and manually
> > > "setenforce 0"
> >
> > Is there a bug for the oVirt Node for this?
>
> Hey,
>
> yes: https://bugzilla.redhat.com/show_bug.cgi?id=1037939
> And also a patch which should land in the next ovirt-node-iso.
>
> - fabian
>
>
> >
> > >
> > >
> > > On Wed, Dec 18, 2013 at 5:37 AM, Garry Tiedemann <
> > > garrytiedem...@networkvideo.com.au > wrote:
> > >
> > >
> > >
> > > Hi Gabi,
> > >
> > > I saw your post on ovirt-users from last week.
> > >
> > > I am having that problem too. Have you solved it already?
> > >
> > > I would be glad to exchange information, perhaps we can help each other.
> > >
> > > I hope to hear from you soon.
> > >
> > > Kind regards,
> > > --
> > >
> > >
> > >
> > >
> > > Garry Tiedemann
> > > IT Manager
> > >
> > > IT Division | The Network Group | 334 Queensberry St, North Melbourne,
> > > Victoria, 3051, Australia
> > > Phone (03) 9329 0933 | Email garrytiedem...@networkvideo.com.au |
> > > Website www.thenetworkgroup.com.au
> > >
> > >
> > > The Network Group: One of BRW's 50 most innovative companies for 2013,
> > > and winner of the 2013 Rental Group/Business of the Year Award
> > >
> > >
> > > This email message and any accompanying attachments may contain
> > > information that is confidential and is subject to legal privilege. If you
> > > are not the intended recipient, do not read, use, disseminate, distribute
> > > or copy this message or attachments. If you have received this message in
> > > error, please notify the sender immediately and delete this message.
> > > Network Video Home Entertainment Experts accepts no liability for any
> > > damage caused by this email or any electronic transmission. Any views
> > > expressed in this message are those of the individual sender, except where
> > > the sender expressly, and with authority, states them to be the views of
> > > 'Network Video Home Entertainment Experts'.
> > >
> > >
> > >
> > > ___
> > > Users mailing list
> > > Users@ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > >
>
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


Re: [Users] SSH MAC corrupt (Re: Did you get ovirt working?)

2013-12-18 Thread Fabian Deutsch
On Wednesday, 18.12.2013, at 03:16 -0500, Antoni Segura Puimedon wrote:
> 
> - Original Message -
> > From: "Gabi C" 
> > To: "Garry Tiedemann" , users@ovirt.org
> > Sent: Wednesday, December 18, 2013 7:26:16 AM
> > Subject: Re: [Users] SSH MAC corrupt (Re: Did you get ovirt working?)
> > 
> > Hello!
> > I was just about to reply to the list! :-)
> > I moved to oVirt Node - 3.0.3 - 1.1.fc19 on both nodes and updated the engine
> > to 3.3.2-1.fc19 and it is working now. For the nodes I performed a clean
> > install (i.e. I had to reinitialize the array - ServeRaid controller) and
> > the only bug I encountered was the one related to ssh-selinux, circumvented by
> > setenforce 0.
> > Of course, every time I reboot nodes I had to go to console and manually
> > "setenforce 0"
> 
> Is there a bug for the oVirt Node for this?

Hey,

yes: https://bugzilla.redhat.com/show_bug.cgi?id=1037939
And also a patch which should land in the next ovirt-node-iso.

- fabian


> 
> > 
> > 
> > On Wed, Dec 18, 2013 at 5:37 AM, Garry Tiedemann <
> > garrytiedem...@networkvideo.com.au > wrote:
> > 
> > 
> > 
> > Hi Gabi,
> > 
> > I saw your post on ovirt-users from last week.
> > 
> > I am having that problem too. Have you solved it already?
> > 
> > I would be glad to exchange information, perhaps we can help each other.
> > 
> > I hope to hear from you soon.
> > 
> > Kind regards,
> > --
> > 
> > 
> > 
> > 
> > Garry Tiedemann
> > IT Manager





Re: [Users] SSH MAC corrupt (Re: Did you get ovirt working?)

2013-12-18 Thread Gabi C
No, there is no bug for this, or at least I didn't open one. However trying
to sniff traffic on node - tcpdump - didn't work as I was unable to save
traffic files on /root/ - Read-only mounted. Meantime, I upgraded the
engine and also reinstalled the hypervisors to a higher version and it is OK
now, or at least until I reboot and lost glusterfs volume! :-(


On Wed, Dec 18, 2013 at 10:16 AM, Antoni Segura Puimedon <
asegu...@redhat.com> wrote:

>
>
> - Original Message -
> > From: "Gabi C" 
> > To: "Garry Tiedemann", users@ovirt.org
> > Sent: Wednesday, December 18, 2013 7:26:16 AM
> > Subject: Re: [Users] SSH MAC corrupt (Re: Did you get ovirt working?)
> >
> > Hello!
> > I was just about to reply to the list! :-)
> > I moved to oVirt Node - 3.0.3 - 1.1.fc19 on both nodes and updated the
> > engine to 3.3.2-1.fc19 and it is working now. For the nodes I performed a
> > clean install (i.e. I had to reinitialize the array - ServeRaid controller)
> > and the only bug I encountered was the one related to ssh-selinux,
> > circumvented by setenforce 0.
> > Of course, every time I reboot nodes I had to go to console and manually
> > "setenforce 0"
>
> Is there a bug for the oVirt Node for this?
>
> >
> >
> > On Wed, Dec 18, 2013 at 5:37 AM, Garry Tiedemann <
> > garrytiedem...@networkvideo.com.au > wrote:
> >
> >
> >
> > Hi Gabi,
> >
> > I saw your post on ovirt-users from last week.
> >
> > I am having that problem too. Have you solved it already?
> >
> > I would be glad to exchange information, perhaps we can help each other.
> >
> > I hope to hear from you soon.
> >
> > Kind regards,
> > --
> >
> >
> >
> >
> > Garry Tiedemann
> > IT Manager


Re: [Users] SSH MAC corrupt (Re: Did you get ovirt working?)

2013-12-18 Thread Antoni Segura Puimedon


- Original Message -
> From: "Gabi C" 
> To: "Garry Tiedemann" , users@ovirt.org
> Sent: Wednesday, December 18, 2013 7:26:16 AM
> Subject: Re: [Users] SSH MAC corrupt (Re: Did you get ovirt working?)
> 
> Hello!
> I was just about to reply to the list! :-)
> I moved to oVirt Node - 3.0.3 - 1.1.fc19 on both nodes and updated the engine
> to 3.3.2-1.fc19 and it is working now. For the nodes I performed a clean
> install (i.e. I had to reinitialize the array - ServeRaid controller) and
> the only bug I encountered was the one related to ssh-selinux, circumvented by
> setenforce 0.
> Of course, every time I reboot nodes I had to go to console and manually
> "setenforce 0"

Is there a bug for the oVirt Node for this?

> 
> 
> On Wed, Dec 18, 2013 at 5:37 AM, Garry Tiedemann <
> garrytiedem...@networkvideo.com.au > wrote:
> 
> 
> 
> Hi Gabi,
> 
> I saw your post on ovirt-users from last week.
> 
> I am having that problem too. Have you solved it already?
> 
> I would be glad to exchange information, perhaps we can help each other.
> 
> I hope to hear from you soon.
> 
> Kind regards,
> --
> 
> 
> 
> 
> Garry Tiedemann
> IT Manager


Re: [Users] SSH MAC corrupt

2013-12-12 Thread Gabi C
I'll try when I'm back at work, i.e. 13 hours from now...
On 12.12.2013 15:16, "Alon Bar-Lev" wrote:

>
>
> - Original Message -
> > From: "Gabi C" 
> > To: "Alon Bar-Lev" 
> > Cc: "Dan Kenigsberg" , users@ovirt.org
> > Sent: Thursday, December 12, 2013 3:13:43 PM
> > Subject: Re: [Users] SSH MAC corrupt
> >
> > I've tried and I'm logged in!!
> >
> >
> >
> > sestatus
> > SELinux status:                 enabled
> > SELinuxfs mount:                /sys/fs/selinux
> > SELinux root directory:         /etc/selinux
> > Loaded policy name:             targeted
> > Current mode:                   permissive
> > Mode from config file:          enforcing
> > Policy MLS status:              enabled
> > Policy deny_unknown status:     allowed
> > Max kernel policy version:      28
> >
> >
> >
> >
> > Still get those 'denied' in audit.log - node!
>
> Because you are at permissive mode.
>
> Now, what do you get in engine.log in this state when you are trying to add
> node via webadmin?
>
> >
> >
> >
> >
> >
> >
> > On Thu, Dec 12, 2013 at 2:35 PM, Alon Bar-Lev  wrote:
> >
> > >
> > >
> > > - Original Message -
> > > > From: "Gabi C" 
> > > > To: "Dan Kenigsberg" 
> > > > Cc: users@ovirt.org
> > > > Sent: Thursday, December 12, 2013 2:32:48 PM
> > > > Subject: Re: [Users] SSH MAC corrupt
> > > >
> > > > I confirm that manual ssh works both ways.
> > > >
> > > > I'll try to sniff.
> > >
> > > please try from engine:
> > >
> > > ssh -i /etc/pki/ovirt-engine/keys/engine_id_rsa root@node
> > >
> > > this is similar to what engine is trying to do.
> > >
> > > but as far as I see, the problem is within the selinux policy.
> > >
> > > >
> > > >
> > > > > On Thu, Dec 12, 2013 at 2:22 PM, Dan Kenigsberg < dan...@redhat.com>
> > > > > wrote:
> > > >
> > > >
> > > >
> > > > On Thu, Dec 12, 2013 at 11:43:10AM +0200, Gabi C wrote:
> > > > > Hello!
> > > > >
> > > > > > 1 engine running ovirt-engine-3.3.1-2.fc19.noarch, in virtual machine
> > > > > > - on esxi 5.5 host - when I try to add ovirt node hypervisor
> > > > > > 3.0.3-1.1.fc19, after "setenforce 0" on node, of course, this fails
> > > > > > with:
> > > > >
> > > > > /var/log/secure
> > > > >
> > > > >
> > > > > Dec 12 09:35:40 virtual4 sshd[3898]: Corrupted MAC on input.
> > > > > Dec 12 09:35:40 virtual4 sshd[3898]: Disconnecting: Packet corrupt
> > > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: do_cleanup
> > > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: cleanup
> > > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: closing session
> > > > > > Dec 12 09:35:40 virtual4 sshd[3898]: pam_unix(sshd:session): session closed
> > > > > > for user root
> > > > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: deleting credentials
> > > > > > Dec 12 09:35:40 virtual4 sshd[3898]: error: getsockname failed: Bad file
> > > > > > descriptor
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > and
> > > > >
> > > > > /var/log/audit/audit.log
> > > > >
> > > > > type=AVC msg=audit(1386840940.650:589): avc: denied { sigchld } for
> > > > > pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0
> > > > > tcontext=system_u:system_r:initrc_t:s0 tclass=process
> > > > > > type=SYSCALL msg=audit(1386840940.650:589): arch=c03e syscall=61
> > > > > > success=yes exit=3899 a0=f3b a1=7fff76fe9ad0 a2=0 a3=0 items=0 ppid=3834
> > > > > > pid=3898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > > > > > fsgid=0 ses=4294967295 tty=(none) comm="sshd" exe="/usr/sbin/sshd"
> > > > > > subj=system_u:system_r:initrc_t:s0 key=(null)
> > > > > >
> > > > > >
> > > > > > type=AVC msg=audit(1386840940.751:595): avc: denied { dyntransition }
> > > > > for pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0
> > > > > tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
> > > > > 
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > > any idea?
> > > >
> > > > Does manual ssh from Engine to the node work?
> > > > Could you sniff the traffic to see where it's being garbled?
> > > >
> > > >


Re: [Users] SSH MAC corrupt

2013-12-12 Thread Alon Bar-Lev


- Original Message -
> From: "Gabi C" 
> To: "Alon Bar-Lev" 
> Cc: "Dan Kenigsberg" , users@ovirt.org
> Sent: Thursday, December 12, 2013 3:13:43 PM
> Subject: Re: [Users] SSH MAC corrupt
> 
> I've tried and I'm logged in!!
> 
> 
> 
> sestatus
> SELinux status:                 enabled
> SELinuxfs mount:                /sys/fs/selinux
> SELinux root directory:         /etc/selinux
> Loaded policy name:             targeted
> Current mode:                   permissive
> Mode from config file:          enforcing
> Policy MLS status:              enabled
> Policy deny_unknown status:     allowed
> Max kernel policy version:      28
> 
> 
> 
> 
> Still get those 'denied' in audit.log - node!

Because you are at permissive mode.

Now, what do you get in engine.log in this state when you are trying to add node
via webadmin?

> 
> 
> 
> 
> 
> 
> On Thu, Dec 12, 2013 at 2:35 PM, Alon Bar-Lev  wrote:
> 
> >
> >
> > - Original Message -
> > > From: "Gabi C" 
> > > To: "Dan Kenigsberg" 
> > > Cc: users@ovirt.org
> > > Sent: Thursday, December 12, 2013 2:32:48 PM
> > > Subject: Re: [Users] SSH MAC corrupt
> > >
> > > I confirm that manual ssh works both ways.
> > >
> > > I'll try to sniff.
> >
> > please try from engine:
> >
> > ssh -i /etc/pki/ovirt-engine/keys/engine_id_rsa root@node
> >
> > this is similar to what engine is trying to do.
> >
> > but as far as I see, the problem is within the selinux policy.
> >
> > >
> > >
> > > > On Thu, Dec 12, 2013 at 2:22 PM, Dan Kenigsberg < dan...@redhat.com >
> > > > wrote:
> > >
> > >
> > >
> > > On Thu, Dec 12, 2013 at 11:43:10AM +0200, Gabi C wrote:
> > > > Hello!
> > > >
> > > > > 1 engine running ovirt-engine-3.3.1-2.fc19.noarch, in virtual machine
> > > > > - on esxi 5.5 host - when I try to add ovirt node hypervisor
> > > > > 3.0.3-1.1.fc19, after "setenforce 0" on node, of course, this fails
> > > > > with:
> > > >
> > > > /var/log/secure
> > > >
> > > >
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: Corrupted MAC on input.
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: Disconnecting: Packet corrupt
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: do_cleanup
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: cleanup
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: closing session
> > > > > Dec 12 09:35:40 virtual4 sshd[3898]: pam_unix(sshd:session): session closed
> > > > > for user root
> > > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: deleting credentials
> > > > > Dec 12 09:35:40 virtual4 sshd[3898]: error: getsockname failed: Bad file
> > > > > descriptor
> > > >
> > > >
> > > >
> > > >
> > > > and
> > > >
> > > > /var/log/audit/audit.log
> > > >
> > > > type=AVC msg=audit(1386840940.650:589): avc: denied { sigchld } for
> > > > pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0
> > > > tcontext=system_u:system_r:initrc_t:s0 tclass=process
> > > > type=SYSCALL msg=audit(1386840940.650:589): arch=c03e syscall=61
> > > > > success=yes exit=3899 a0=f3b a1=7fff76fe9ad0 a2=0 a3=0 items=0 ppid=3834
> > > > > pid=3898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > > > fsgid=0 ses=4294967295 tty=(none) comm="sshd" exe="/usr/sbin/sshd"
> > > > subj=system_u:system_r:initrc_t:s0 key=(null)
> > > >
> > > > 
> > > > type=AVC msg=audit(1386840940.751:595): avc: denied { dyntransition }
> > > > for pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0
> > > > tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
> > > > 
> > > >
> > > >
> > > >
> > > >
> > > > > any idea?
> > >
> > > Does manual ssh from Engine to the node work?
> > > Could you sniff the traffic to see where it's being garbled?
> > >
> > >


Re: [Users] SSH MAC corrupt

2013-12-12 Thread Gabi C
I've tried and I'm logged in!!



sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28




Still get those 'denied' in audit.log - node!






On Thu, Dec 12, 2013 at 2:35 PM, Alon Bar-Lev  wrote:

>
>
> - Original Message -
> > From: "Gabi C" 
> > To: "Dan Kenigsberg" 
> > Cc: users@ovirt.org
> > Sent: Thursday, December 12, 2013 2:32:48 PM
> > Subject: Re: [Users] SSH MAC corrupt
> >
> > I confirm that manual ssh works both ways.
> >
> > I'll try to sniff.
>
> please try from engine:
>
> ssh -i /etc/pki/ovirt-engine/keys/engine_id_rsa root@node
>
> this is similar to what engine is trying to do.
>
> but as far as I see, the problem is within the selinux policy.
>
> >
> >
> > > On Thu, Dec 12, 2013 at 2:22 PM, Dan Kenigsberg < dan...@redhat.com >
> > > wrote:
> >
> >
> >
> > On Thu, Dec 12, 2013 at 11:43:10AM +0200, Gabi C wrote:
> > > Hello!
> > >
> > > > 1 engine running ovirt-engine-3.3.1-2.fc19.noarch, in virtual machine
> > > > - on esxi 5.5 host - when I try to add ovirt node hypervisor
> > > > 3.0.3-1.1.fc19, after "setenforce 0" on node, of course, this fails
> > > > with:
> > >
> > > /var/log/secure
> > >
> > >
> > > Dec 12 09:35:40 virtual4 sshd[3898]: Corrupted MAC on input.
> > > Dec 12 09:35:40 virtual4 sshd[3898]: Disconnecting: Packet corrupt
> > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: do_cleanup
> > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: cleanup
> > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: closing session
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: pam_unix(sshd:session): session closed
> > > > for user root
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: deleting credentials
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: error: getsockname failed: Bad file
> > > > descriptor
> > >
> > >
> > >
> > >
> > > and
> > >
> > > /var/log/audit/audit.log
> > >
> > > type=AVC msg=audit(1386840940.650:589): avc: denied { sigchld } for
> > > pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0
> > > tcontext=system_u:system_r:initrc_t:s0 tclass=process
> > > type=SYSCALL msg=audit(1386840940.650:589): arch=c03e syscall=61
> > > > success=yes exit=3899 a0=f3b a1=7fff76fe9ad0 a2=0 a3=0 items=0 ppid=3834
> > > > pid=3898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > > fsgid=0 ses=4294967295 tty=(none) comm="sshd" exe="/usr/sbin/sshd"
> > > subj=system_u:system_r:initrc_t:s0 key=(null)
> > >
> > > 
> > > type=AVC msg=audit(1386840940.751:595): avc: denied { dyntransition }
> > > for pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0
> > > tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
> > > 
> > >
> > >
> > >
> > >
> > > > any idea?
> >
> > Does manual ssh from Engine to the node work?
> > Could you sniff the traffic to see where it's being garbled?
> >
> >


Re: [Users] SSH MAC corrupt

2013-12-12 Thread Alon Bar-Lev


- Original Message -
> From: "Gabi C" 
> To: "Dan Kenigsberg" 
> Cc: users@ovirt.org
> Sent: Thursday, December 12, 2013 2:32:48 PM
> Subject: Re: [Users] SSH MAC corrupt
> 
> I confirm that manual ssh works both ways.
> 
> I'll try to sniff.

please try from engine:

ssh -i /etc/pki/ovirt-engine/keys/engine_id_rsa root@node

this is similar to what engine is trying to do.

but as far as I see, the problem is within the selinux policy.

> 
> 
> On Thu, Dec 12, 2013 at 2:22 PM, Dan Kenigsberg < dan...@redhat.com > wrote:
> 
> 
> 
> On Thu, Dec 12, 2013 at 11:43:10AM +0200, Gabi C wrote:
> > Hello!
> > 
> > 1 engine running ovirt-engine-3.3.1-2.fc19.noarch, in virtual machine - on
> > esxi 5.5 host - when I try to add ovirt node hypervisor
> > 3.0.3-1.1.fc19, after "setenforce 0" on node, of course, this fails with:
> > 
> > /var/log/secure
> > 
> > 
> > Dec 12 09:35:40 virtual4 sshd[3898]: Corrupted MAC on input.
> > Dec 12 09:35:40 virtual4 sshd[3898]: Disconnecting: Packet corrupt
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: do_cleanup
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: cleanup
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: closing session
> > Dec 12 09:35:40 virtual4 sshd[3898]: pam_unix(sshd:session): session closed
> > for user root
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: deleting credentials
> > Dec 12 09:35:40 virtual4 sshd[3898]: error: getsockname failed: Bad file
> > descriptor
> > 
> > 
> > 
> > 
> > and
> > 
> > /var/log/audit/audit.log
> > 
> > type=AVC msg=audit(1386840940.650:589): avc: denied { sigchld } for
> > pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0
> > tcontext=system_u:system_r:initrc_t:s0 tclass=process
> > type=SYSCALL msg=audit(1386840940.650:589): arch=c03e syscall=61
> > success=yes exit=3899 a0=f3b a1=7fff76fe9ad0 a2=0 a3=0 items=0 ppid=3834
> > pid=3898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 ses=4294967295 tty=(none) comm="sshd" exe="/usr/sbin/sshd"
> > subj=system_u:system_r:initrc_t:s0 key=(null)
> > 
> > 
> > type=AVC msg=audit(1386840940.751:595): avc: denied { dyntransition }
> > for pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0
> > tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
> > 
> > 
> > 
> > 
> > 
> > any idea?
> 
> Does manual ssh from Engine to the node work?
> Could you sniff the traffic to see where it's being garbled?
> 
> 


Re: [Users] SSH MAC corrupt

2013-12-12 Thread Gabi C
I confirm that manual ssh works both ways.

I'll try to sniff.


On Thu, Dec 12, 2013 at 2:22 PM, Dan Kenigsberg  wrote:

> On Thu, Dec 12, 2013 at 11:43:10AM +0200, Gabi C wrote:
> > Hello!
> >
> > 1 engine running ovirt-engine-3.3.1-2.fc19.noarch, in virtual machine - on
> > esxi 5.5 host - when I try to add ovirt node hypervisor
> > 3.0.3-1.1.fc19, after "setenforce 0" on node, of course, this fails with:
> >
> > /var/log/secure
> >
> >
> > Dec 12 09:35:40 virtual4 sshd[3898]: Corrupted MAC on input.
> > Dec 12 09:35:40 virtual4 sshd[3898]: Disconnecting: Packet corrupt
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: do_cleanup
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: cleanup
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: closing session
> > Dec 12 09:35:40 virtual4 sshd[3898]: pam_unix(sshd:session): session closed
> > for user root
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: deleting credentials
> > Dec 12 09:35:40 virtual4 sshd[3898]: error: getsockname failed: Bad file
> > descriptor
> >
> >
> >
> >
> > and
> >
> > /var/log/audit/audit.log
> >
> > type=AVC msg=audit(1386840940.650:589): avc:  denied  { sigchld } for
> > pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0
> > tcontext=system_u:system_r:initrc_t:s0 tclass=process
> > type=SYSCALL msg=audit(1386840940.650:589): arch=c03e syscall=61
> > success=yes exit=3899 a0=f3b a1=7fff76fe9ad0 a2=0 a3=0 items=0 ppid=3834
> > pid=3898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 ses=4294967295 tty=(none) comm="sshd" exe="/usr/sbin/sshd"
> > subj=system_u:system_r:initrc_t:s0 key=(null)
> >
> > 
> > type=AVC msg=audit(1386840940.751:595): avc:  denied  { dyntransition }
> > for  pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0
> > tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
> > 
> >
> >
> >
> >
> > any idea?
>
> Does manual ssh from Engine to the node work?
> Could you sniff the traffic to see where it's being garbled?
>


Re: [Users] SSH MAC corrupt

2013-12-12 Thread Dan Kenigsberg
On Thu, Dec 12, 2013 at 11:43:10AM +0200, Gabi C wrote:
> Hello!
> 
> 1 engine running ovirt-engine-3.3.1-2.fc19.noarch, in virtual machine - on
> esxi 5.5 host - when I try to add ovirt node hypervisor
> 3.0.3-1.1.fc19, after "setenforce 0" on node, of course, this fails with:
> 
> /var/log/secure
> 
> 
> Dec 12 09:35:40 virtual4 sshd[3898]: Corrupted MAC on input.
> Dec 12 09:35:40 virtual4 sshd[3898]: Disconnecting: Packet corrupt
> Dec 12 09:35:40 virtual4 sshd[3898]: debug1: do_cleanup
> Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: cleanup
> Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: closing session
> Dec 12 09:35:40 virtual4 sshd[3898]: pam_unix(sshd:session): session closed
> for user root
> Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: deleting credentials
> Dec 12 09:35:40 virtual4 sshd[3898]: error: getsockname failed: Bad file
> descriptor
> 
> 
> 
> 
> and
> 
> /var/log/audit/audit.log
> 
> type=AVC msg=audit(1386840940.650:589): avc:  denied  { sigchld } for
> pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0
> tcontext=system_u:system_r:initrc_t:s0 tclass=process
> type=SYSCALL msg=audit(1386840940.650:589): arch=c03e syscall=61
> success=yes exit=3899 a0=f3b a1=7fff76fe9ad0 a2=0 a3=0 items=0 ppid=3834
> pid=3898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 ses=4294967295 tty=(none) comm="sshd" exe="/usr/sbin/sshd"
> subj=system_u:system_r:initrc_t:s0 key=(null)
> 
> 
> type=AVC msg=audit(1386840940.751:595): avc:  denied  { dyntransition }
> for  pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
> 
> 
> 
> 
> 
> any idea?

Does manual ssh from Engine to the node work?
Could you sniff the traffic to see where it's being garbled?


[Users] SSH MAC corrupt

2013-12-12 Thread Gabi C
Hello!

1 engine running ovirt-engine-3.3.1-2.fc19.noarch, in virtual machine - on
esxi 5.5 host - when I try to add ovirt node hypervisor
3.0.3-1.1.fc19, after "setenforce 0" on node, of course, this fails with:

/var/log/secure


Dec 12 09:35:40 virtual4 sshd[3898]: Corrupted MAC on input.
Dec 12 09:35:40 virtual4 sshd[3898]: Disconnecting: Packet corrupt
Dec 12 09:35:40 virtual4 sshd[3898]: debug1: do_cleanup
Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: cleanup
Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: closing session
Dec 12 09:35:40 virtual4 sshd[3898]: pam_unix(sshd:session): session closed
for user root
Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: deleting credentials
Dec 12 09:35:40 virtual4 sshd[3898]: error: getsockname failed: Bad file
descriptor




and

/var/log/audit/audit.log

type=AVC msg=audit(1386840940.650:589): avc:  denied  { sigchld } for
pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=process
type=SYSCALL msg=audit(1386840940.650:589): arch=c03e syscall=61
success=yes exit=3899 a0=f3b a1=7fff76fe9ad0 a2=0 a3=0 items=0 ppid=3834
pid=3898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="sshd" exe="/usr/sbin/sshd"
subj=system_u:system_r:initrc_t:s0 key=(null)


type=AVC msg=audit(1386840940.751:595): avc:  denied  { dyntransition }
for  pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process





any idea?
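Added example, not part of any message in this thread: a small parser for the audit.log excerpt posted above. It re-joins records that the mail client wrapped or '>'-quoted, extracts the denied permission and the source/target SELinux types, and pairs each AVC with the SYSCALL record of the same audit event. The function names are hypothetical, and the "sshd should run in an sshd* domain" flag is a heuristic assumed for this example.

```python
"""Summarise SELinux AVC denials from audit.log text, including text that a
mail client has wrapped and '>'-quoted."""
import re

# Sample input: the three audit records posted in the thread, wrapped exactly
# as the e-mail wrapped them.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1386840940.650:589): avc:  denied  { sigchld } for
pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=process
type=SYSCALL msg=audit(1386840940.650:589): arch=c03e syscall=61
success=yes exit=3899 a0=f3b a1=7fff76fe9ad0 a2=0 a3=0 items=0 ppid=3834
pid=3898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="sshd" exe="/usr/sbin/sshd"
subj=system_u:system_r:initrc_t:s0 key=(null)

type=AVC msg=audit(1386840940.751:595): avc:  denied  { dyntransition }
for  pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
"""

QUOTE_RE = re.compile(r'^(?:>\s*)+')            # leading "> > " reply markers
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')      # key=value or key="value"
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s+avc:\s+'
    r'(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
SYSCALL_RE = re.compile(r'type=SYSCALL msg=audit\(([\d.]+:\d+)\):')


def unwrap_records(text):
    """One string per audit record: strip quote markers, then treat any line
    that does not start with 'type=' as a continuation of the previous one."""
    records = []
    for line in text.splitlines():
        line = QUOTE_RE.sub("", line).strip()
        if not line:
            continue
        if line.startswith("type=") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def se_type(context):
    """user:role:type:level -> type ('' if the context is missing)."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(record):
    """Return a dict for an AVC record, or None for any other record type."""
    m = AVC_RE.match(record)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "event": m.group("ts") + ":" + m.group("serial"),
        "verdict": m.group("verdict"),
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "source_type": se_type(fields.get("scontext", "")),
        "target_type": se_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass"),
        # Newer kernels append permissive=0/1; the 2013 records here do not.
        "permissive": {"0": False, "1": True}.get(fields.get("permissive")),
    }


def summarize(text):
    """List denied AVCs, each with the outcome of its SYSCALL record (if any)."""
    records = unwrap_records(text)
    syscall_success = {}
    for rec in records:
        m = SYSCALL_RE.match(rec)
        if m:
            syscall_success[m.group(1)] = dict(KV_RE.findall(rec)).get("success")
    findings = []
    for rec in records:
        avc = parse_avc(rec)
        if avc is None or avc["verdict"] != "denied":
            continue
        # A logged denial whose syscall still succeeded is what permissive
        # mode looks like in the log; None means no SYSCALL record was posted.
        avc["syscall_success"] = syscall_success.get(avc["event"])
        # Assumed heuristic: an sshd process acting from a non-sshd domain
        # (here initrc_t) deserves a look at how the daemon was started/labelled.
        avc["unexpected_domain"] = (
            avc["comm"] == "sshd" and not avc["source_type"].startswith("sshd"))
        findings.append(avc)
    return findings


if __name__ == "__main__":
    for f in summarize(SAMPLE_AUDIT_LOG):
        print(f["event"], f["perms"], f["source_type"], "->", f["target_type"],
              "class=" + f["tclass"], "syscall_success=" + str(f["syscall_success"]),
              "unexpected_domain=" + str(f["unexpected_domain"]))
```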