Bug 119251 - ssh cannot properly access ~/.Xauthority during remote login
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policy
rawhide
i386 Linux
medium Severity medium
Assigned To: Daniel Walsh
Ben Levenson
: Security
Reported: 2004-03-27 03:50 EST by G.Wolfe Woodbury
Modified: 2007-11-30 17:10 EST (History)
Doc Type: Bug Fix
Last Closed: 2004-04-04 01:51:52 EST

Attachments
avc messages for ssh connection (2.65 KB, text/plain)
2004-03-27 03:52 EST, G.Wolfe Woodbury
policy-source users file - ggw is admin/staff user (2.53 KB, text/plain)
2004-03-29 12:45 EST, G.Wolfe Woodbury

Description G.Wolfe Woodbury 2004-03-27 03:50:26 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
ssh login from FC1 to FC2t1 yields an error about the .Xauthority file
access:
ggw:~ $ ssh -X tembo.private
ggw@tembo.private's password:
/usr/X11R6/bin/xauth:  timeout in locking authority file /home/ggw/.Xauthority
[ggw@tembo ggw]$

It does allow the login, but subsequent attempts to use the forwarded
X connection fail noisily:

[ggw@tembo ggw]$ system-config-nfs
X11 connection rejected because of wrong authentication.
[ggw@tembo ggw]$ xhost
X11 connection rejected because of wrong authentication.
X connection to localhost:11.0 broken (explicit kill or server shutdown).
[ggw@tembo ggw]$


Version-Release number of selected component (if applicable):
1.9-15

How reproducible:
Always

Steps to Reproduce:
1. install from development w/policy-1.9-15
2. add users and set up ssh, etc...
3. login remotely and see description
    

Actual Results:  see description

Additional info:

see attached AVCs from /var/log/messages.
Comment 1 G.Wolfe Woodbury 2004-03-27 03:52:39 EST
Created attachment 98899
avc messages for ssh connection
Comment 2 Daniel Walsh 2004-03-29 11:49:27 EST
When you login what is the id of ggw?

It looks like it is running as user_t but logging into a home dir that
is marked staff_t?

Comment 3 G.Wolfe Woodbury 2004-03-29 12:45:54 EST
Created attachment 98939
policy-source users file - ggw is admin/staff user

user ggw is an admin/staff user.
Comment 4 Daniel Walsh 2004-03-29 12:59:03 EST
user ggw  roles  { staff_r sysadm_r user_r };
should be
user ggw  roles  { staff_r sysadm_r system_r };
Not sure that will solve the problem but could you try it.

Dan
Comment 5 G.Wolfe Woodbury 2004-04-03 01:59:32 EST
seems to be solved by test2 and subsequent updates to policy.16
ssh no longer complains.
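
The mismatch raised in Comment 2 (xauth running in a user_t-derived domain while the home directory is labelled for the staff role) can be picked out of AVC denials mechanically. The following is an added example, not part of the original bug thread or its attachments: the log lines are constructed, and the type names and the role-prefix naming convention (user_*, staff_*, sysadm_*) are assumptions about the policy of that era.

```python
import re

# Constructed AVC denials in the 2004-era log format; NOT the bug's attachment.
# Type names (user_xauth_t, staff_home_dir_t, ...) are assumed for illustration.
SAMPLE_LOG = """\
Mar 27 03:48:01 tembo kernel: audit(1080377281.412:0): avc:  denied  { write } for  pid=2101 exe=/usr/X11R6/bin/xauth name=ggw dev=hda2 ino=4001 scontext=ggw:user_r:user_xauth_t tcontext=ggw:object_r:staff_home_dir_t tclass=dir
Mar 27 03:48:01 tembo kernel: audit(1080377281.415:0): avc:  denied  { read } for  pid=2101 exe=/usr/X11R6/bin/xauth name=.Xauthority dev=hda2 ino=4002 scontext=ggw:user_r:user_xauth_t tcontext=ggw:object_r:staff_home_xauth_t tclass=file
Mar 27 03:49:10 tembo kernel: audit(1080377350.020:0): avc:  denied  { getattr } for  pid=2150 exe=/bin/ls name=tmp dev=hda2 ino=77 scontext=ggw:user_r:user_t tcontext=system_u:object_r:tmp_t tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?exe=(?P<exe>\S+).*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Assumption: per-role derived types carry the role name as a prefix.
ROLE_PREFIXES = ("user", "staff", "sysadm")


def role_prefix(context):
    """Return the role prefix of the type in a user:role:type context, or None."""
    fields = context.split(":")
    if len(fields) < 3:
        return None
    head = fields[2].split("_", 1)[0]
    return head if head in ROLE_PREFIXES else None


def find_role_mismatches(log_text, exe_suffix="/xauth"):
    """Return denials where source domain and target type belong to different roles."""
    findings = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or not m.group("exe").endswith(exe_suffix):
            continue
        src = role_prefix(m.group("scontext"))
        tgt = role_prefix(m.group("tcontext"))
        if src and tgt and src != tgt:
            findings.append({
                "perms": m.group("perms").split(),
                "source_role": src,
                "target_role": tgt,
                "tcontext": m.group("tcontext"),
                "tclass": m.group("tclass"),
            })
    return findings


if __name__ == "__main__":
    for f in find_role_mismatches(SAMPLE_LOG):
        print(f"{f['source_role']} domain denied {f['perms']} on {f['tcontext']} ({f['tclass']})")
```

A non-empty result for xauth points at the login being assigned a role that does not match the labels on the home directory, which is what the roles line in the policy users file controls.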
