Bug 823231

Summary:	SSH login will state after password entering "Unable to get valid context for root"
Product:	[Fedora] Fedora	Reporter:	Ivo Sarak <ivo>
Component:	selinux-policy	Assignee:	Miroslav Grepl <mgrepl>
Status:	CLOSED NOTABUG	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	rawhide	CC:	dominick.grift, dwalsh, gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda, mgrepl
Target Milestone:	---
Target Release:	---
Hardware:	x86_64
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2012-05-27 11:11:33 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Ivo Sarak 2012-05-20 04:28:41 UTC

Description of problem:
I am unable to SSH into the system. I will be greeted with password prompt, but after providing one I get "Proken Pipe" and "Unable to get valid context for root" message and will get kicked out.

Version-Release number of selected component (if applicable):
Kernel 3.4.0-0.rc6.git3.1.fc18.x86_64

How reproducible:
Always on that system, but not on other machines I have.

Steps to Reproduce:
1. Try to login over SSH;
  
Actual results:
Locally trying will get me "Broken Pipe" message and remote one:
[root@haskaa ~]# ssh 192.168.20.8
root.20.8's password: 
Unable to get valid context for root
Last login: Sun May 20 07:20:53 2012 from haskaa
Connection to 192.168.20.8 closed.
[root@haskaa ~]# 

Expected results:
Terminal prompt.

Additional info:

I removed and reinstalled SSH server, but nothing changed. Also, I have updated several kernel releases, but still the same situation.

[ivo@ragana ~]$ rpm -qa|grep ssh
libssh2-1.4.1-2.fc18.x86_64
openssh-askpass-5.9p1-22.fc18.x86_64
openssh-5.9p1-22.fc18.x86_64
openssh-server-5.9p1-22.fc18.x86_64
libssh-0.5.2-1.fc17.x86_64
trilead-ssh2-213-9.fc17.noarch
openssh-clients-5.9p1-22.fc18.x86_64
ganymed-ssh2-210-11.fc17.noarch
[ivo@ragana ~]$

Comment 1 Josh Boyer 2012-05-21 13:41:59 UTC

This sounds like an SELinux label issue.  You might want to relable your filesystem.

Comment 2 Daniel Walsh 2012-05-21 13:46:26 UTC

Yes. 

ps -eZ | grep ssh

If it is not running as sshd_t, you probably have a labelling issue.

# touch /.autorelabel; reboot

Should fix the systems labeling.

Comment 3 Ivo Sarak 2012-05-27 11:11:33 UTC

Thanks, it did the trick. Before "touch /.autorelabel; reboot":

[root@ragana ~]# ps -eZ|grep ssh
system_u:system_r:kernel_t:s0     524 ?        00:00:27 sshd
[root@ragana ~]# 

and after:

[root@ragana ~]# ps -eZ|grep ssh
system_u:system_r:sshd_t:s0-s0:c0.c1023 1125 ? 00:00:00 sshd
[root@ragana ~]#

I have SELinux in permissive mode. Why it should affect my system work?