Bug 692033

Summary: can not login to the installer unless selinux=0 is passed on the kernel bootline
Product: [Fedora] Fedora Reporter: Ales Kozumplik <akozumpl>
Component: opensshAssignee: Jan F. Chadima <jchadima>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: bugzilla, jchadima, jzeleny, mattias.ellert, mgrepl, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-04-13 02:08:29 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Ales Kozumplik 2011-03-30 05:27:38 EDT
Description of problem:
Since the 20110216 rawhide compose it is no longer possible to login to the installer via ssh. This is the error (selinux is in permissive according to /etc/selinux/config):

[akozumpl@aklab ~]$ ssh root@ak
Warning: Permanently added 'ak,' (RSA) to the list of known hosts.
root@ak's password: 
Write failed: Broken pipe

Version-Release number of selected component (if applicable):
Because this still works in the 0215 compose, it can be tracked down to an update in openssh:

in 0215 the packages are:

in 0216 the packages are:

How reproducible:

Steps to Reproduce:
1. boot into the installer with 'sshd' included on the bootline.
2. from another machine do: ssh root@<machine>
Actual results:
error, broken pipe, session is closed immediately

Expected results:
logged in, ssh session starts showing a shell

Additional info:
I verified that copying /usr/sbin/sshd from the 0215 to the 0216 compose fixes the problem.
Comment 1 Ales Kozumplik 2011-03-30 06:37:45 EDT

it apparently doesn't matter what we set in /etc/selinux/config. permissive or disabled both result in non-working ssh login.

The only thing that workarounds this is setting selinux=0 on the kernel bootline.
Comment 2 Jan F. Chadima 2011-04-04 14:18:54 EDT
please try last rawhide build and report
Comment 3 Ales Kozumplik 2011-04-05 02:05:51 EDT
Hi Jan,

I've got this on my mind, however the official rawhide composes have been failing steadily the last week or so so the latest openssh (and other packages) have not propagated to the mirrors yet.

Will keep this in needinfo and retest asap.
Comment 4 Steve 2011-04-06 03:23:47 EDT
I don't know about the installer but i've the same issue with the system already installed. Since weeks i cannot log-in with gdm or ssh unless selinux=0 is passed on the kernel bootline.

Comment 5 Jan F. Chadima 2011-04-06 04:54:45 EDT
(In reply to comment #4)
> I don't know about the installer but i've the same issue with the system
> already installed. Since weeks i cannot log-in with gdm or ssh unless selinux=0
> is passed on the kernel bootline.
what is your version of openssh?
Comment 6 Steve 2011-04-06 06:50:50 EDT
Comment 7 Jan F. Chadima 2011-04-06 07:13:35 EDT
(In reply to comment #6)
> openssh-clients-5.6p1-30.fc15.x86_64
> openssh-server-5.6p1-30.fc15.x86_64
> libssh2-1.2.7-1.fc15.x86_64

> openssh-5.6p1-30.fc15.x86_64
this version is not buggy ...
Comment 8 Steve 2011-04-10 03:03:10 EDT
In my case, the bug is fixed with today's update of selinux-*-3.9.16-13.
Comment 9 Ales Kozumplik 2011-04-12 13:08:08 EDT
For Anaconda this seems to be fixed with openssh-5.8p1-25.fc16.1.x86_64.
Comment 10 Jan F. Chadima 2011-04-13 02:08:29 EDT
closing as solved