Bug 692033

Summary:	can not login to the installer unless selinux=0 is passed on the kernel bootline
Product:	[Fedora] Fedora	Reporter:	Ales Kozumplik <akozumpl>
Component:	openssh	Assignee:	Jan F. Chadima <jchadima>
Status:	CLOSED NEXTRELEASE	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	rawhide	CC:	bugzilla, jchadima, jzeleny, mattias.ellert, mgrepl, tmraz
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2011-04-13 06:08:29 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Ales Kozumplik 2011-03-30 09:27:38 UTC

Description of problem:
Since the 20110216 rawhide compose it is no longer possible to login to the installer via ssh. This is the error (selinux is in permissive according to /etc/selinux/config):

[akozumpl@aklab ~]$ ssh root@ak
Warning: Permanently added 'ak,10.34.39.95' (RSA) to the list of known hosts.
root@ak's password: 
Write failed: Broken pipe

Version-Release number of selected component (if applicable):
Because this still works in the 0215 compose, it can be tracked down to an update in openssh:

in 0215 the packages are:
openssh-clients-5.6p1-30.fc15.x86_64.rpm
openssh-5.6p1-30.fc15.x86_64.rpm
openssh-server-5.6p1-30.fc15.x86_64.rpm

in 0216 the packages are:
openssh-clients-5.8p1-1.fc16.1.x86_64.rpm
openssh-5.8p1-1.fc16.1.x86_64.rpm
openssh-server-5.8p1-1.fc16.1.x86_64.rpm

How reproducible:
always

Steps to Reproduce:
1. boot into the installer with 'sshd' included on the bootline.
2. from another machine do: ssh root@<machine>
  
Actual results:
error, broken pipe, session is closed immediately

Expected results:
logged in, ssh session starts showing a shell

Additional info:
I verified that copying /usr/sbin/sshd from the 0215 to the 0216 compose fixes the problem.

Comment 1 Ales Kozumplik 2011-03-30 10:37:45 UTC

Observation:

it apparently doesn't matter what we set in /etc/selinux/config. permissive or disabled both result in non-working ssh login.

The only thing that workarounds this is setting selinux=0 on the kernel bootline.

Comment 2 Jan F. Chadima 2011-04-04 18:18:54 UTC

please try last rawhide build and report

Comment 3 Ales Kozumplik 2011-04-05 06:05:51 UTC

Hi Jan,

I've got this on my mind, however the official rawhide composes have been failing steadily the last week or so so the latest openssh (and other packages) have not propagated to the mirrors yet.

Will keep this in needinfo and retest asap.

Comment 4 Steve 2011-04-06 07:23:47 UTC

I don't know about the installer but i've the same issue with the system already installed. Since weeks i cannot log-in with gdm or ssh unless selinux=0 is passed on the kernel bootline.

selinux-policy-3.9.16-10.fc15.noarch
libselinux-python-2.0.99-4.fc15.x86_64
libselinux-2.0.99-4.fc15.x86_64
selinux-policy-targeted-3.9.16-10.fc15.noarch
libselinux-utils-2.0.99-4.fc15.x86_64

Comment 5 Jan F. Chadima 2011-04-06 08:54:45 UTC

(In reply to comment #4)
> I don't know about the installer but i've the same issue with the system
> already installed. Since weeks i cannot log-in with gdm or ssh unless selinux=0
> is passed on the kernel bootline.
> 
what is your version of openssh?

Comment 6 Steve 2011-04-06 10:50:50 UTC

openssh-clients-5.6p1-30.fc15.x86_64
openssh-server-5.6p1-30.fc15.x86_64
libssh2-1.2.7-1.fc15.x86_64
openssh-5.6p1-30.fc15.x86_64

Comment 7 Jan F. Chadima 2011-04-06 11:13:35 UTC

(In reply to comment #6)
> openssh-clients-5.6p1-30.fc15.x86_64
> openssh-server-5.6p1-30.fc15.x86_64
> libssh2-1.2.7-1.fc15.x86_64

> openssh-5.6p1-30.fc15.x86_64
this version is not buggy ...

Comment 8 Steve 2011-04-10 07:03:10 UTC

In my case, the bug is fixed with today's update of selinux-*-3.9.16-13.

Comment 9 Ales Kozumplik 2011-04-12 17:08:08 UTC

For Anaconda this seems to be fixed with openssh-5.8p1-25.fc16.1.x86_64.

Comment 10 Jan F. Chadima 2011-04-13 06:08:29 UTC

closing as solved