Bug 428881
Summary: | sshd refuses to accept public key login | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michael de Mare <mikey> | ||||||||||
Component: | openssh | Assignee: | Tomas Mraz <tmraz> | ||||||||||
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||
Severity: | medium | Docs Contact: | |||||||||||
Priority: | low | ||||||||||||
Version: | 8 | ||||||||||||
Target Milestone: | --- | ||||||||||||
Target Release: | --- | ||||||||||||
Hardware: | ia64 | ||||||||||||
OS: | Linux | ||||||||||||
Whiteboard: | |||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||
Doc Text: | Story Points: | --- | |||||||||||
Clone Of: | Environment: | ||||||||||||
Last Closed: | 2008-01-16 14:45:38 UTC | Type: | --- | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Attachments: |
|
Description
Michael de Mare
2008-01-15 20:58:50 UTC
Created attachment 291750 [details]
sshd_config file
Can you please attach logs from ssh -vvv (client) and /usr/sbin/sshd -ddd (server)? Created attachment 291851 [details]
ssh -vvv
Created attachment 291852 [details]
sshd -ddd
The sshd -ddd output is not complete - it doesn't contain log from the whole connection attempt. Created attachment 291855 [details]
extended sshd log
After examining the sshd output I see that the problem is that the permissions aren't set correctly for .ssh Now I upgraded the Fedora 6 system to Fedora 8 and sshd doesn't work with the public key in daemon mode but does in debug mode. Same configuration file. Could it be caused by SELinux? Do you see any AVCs in ausearch -m AVC output? Where do I find ausearch? It doesn't seem to be installed on my system and I can't seem to install it with yum. It is in audit package. You don't have it installed? And is SELinux enabled and enforcing or not? SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: targeted [mikey@mikey-ws ~]$ sudo /sbin/ausearch -m AVC <no matches> [mikey@mikey-ws ~]$ restorecon -R -v <home>/.ssh doesn't help/print anything either? [mikey@mikey-ws ~]$ sudo /sbin/restorecon -R -v $HOME/.ssh /sbin/restorecon reset /home/mikey/.ssh context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/id_rsa context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/id_rsa.pub context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/known_hosts context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/authorized_keys context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/greg-ws context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/id_dsa context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/id_dsa.pub context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/stevens context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/stevens.pub context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/server1.pub context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/palm context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/palm.pub context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/laptop2 context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 /sbin/restorecon reset /home/mikey/.ssh/laptop2.pub context system_u:object_r:file_t:s0->unconfined_u:object_r:unconfined_home_t:s0 Nice, did it help? No, I still get the same error. 'setenforce 0' helps? If yes, 'restorecon -R -v /home/mikey' might help. Otherwise I am really out of ideas what could cause it especially when in debug mode it works fine. `setenforce 0` worked. What should I do for a permanent fix? I am thinking that the selinux problem must be because the /home filesystem was created under FC2, which did not have selinux enabled by default. I upgraded that to FC3. Then I installed FC6 over the system partition (leaving /home intact) and then it broke when I upgraded it to F8. I ran `restorecon -R -v /home/mikey` and then `setenforce 1` and it still works, so I am assuming that this will continue to work after the next reboot. If it doesn't, I will let you know. Thanks. |