Bug 508584

Summary: ssh-copy-id doesn't seem to set correct selinux permissions
Product: [Fedora] Fedora Reporter: Kevin Fenzi <kevin>
Component: opensshAssignee: Jan F. Chadima <jchadima>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: dkovalsk, jchadima, mgrepl, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-06-30 07:10:44 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Kevin Fenzi 2009-06-28 16:20:46 EDT
Using ssh-copy-id to copy a ssh key to a new f11 host that has selinux enabled, the authorized_keys file is created on the remote host with an incorrect context. 

If you login and restorecon -Rv the .ssh directory you can use the key and login. 

[root@revan ~]# ls -laZ .ssh
drwx------. root root unconfined_u:object_r:admin_home_t:s0 .
drwxr-x---. root root system_u:object_r:admin_home_t:s0 ..
-rw-------. root root unconfined_u:object_r:admin_home_t:s0 authorized_keys

[root@revan ~]# restorecon -Rv .ssh
restorecon reset .ssh context unconfined_u:object_r:admin_home_t:s0->system_u:object_r:home_ssh_t:s0
restorecon reset .ssh/authorized_keys context unconfined_u:object_r:admin_home_t:s0->system_u:object_r:home_ssh_t:s0
Comment 1 Jan F. Chadima 2009-07-02 09:23:57 EDT
*** Bug 509138 has been marked as a duplicate of this bug. ***