Hide Forgot
Description of problem: The latest openssh-server in Rawhide does not permit me to log in. (Logins on the console work fine.) Version-Release number of selected component (if applicable): openssh-server-5.9p1-18.fc17.i686 selinux-policy-3.10.0-85.fc17.noarch How reproducible: Every time Steps to Reproduce: 1. Update the SSH server to the latest Rawhide, reboot 2. Try to login via SSH (I'm using password auth) 3. Login fails When I type the password correctly, SSH accepts it, but my client immediately reports "Write failed: Broken pipe" for a normal user account. When I try with root, my client doesn't print any messages (but still immediately disconnects.) Actual results: Here's the output in /var/log/secure when this is broken: Feb 10 14:35:45 rawhide sshd[766]: Server listening on 0.0.0.0 port 22. Feb 10 14:35:45 rawhide sshd[766]: Server listening on :: port 22. Feb 10 14:36:39 rawhide sshd[789]: Accepted password for root from 192.168.2.224 port 39553 ssh2 Feb 10 14:36:39 rawhide sshd[789]: pam_selinux(sshd:session): Security context u nconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 is not allowed for unconfined_ u:system_r:abrt_helper_t:s0-s0:c0.c1023 Feb 10 14:36:39 rawhide sshd[789]: pam_selinux(sshd:session): Unable to get vali d context for root Feb 10 14:36:39 rawhide sshd[789]: pam_unix(sshd:session): session opened for us er root by (uid=0) Feb 10 14:36:39 rawhide sshd[789]: error: ssh_selinux_setup_pty: security_comput e_relabel: Invalid argument Feb 10 14:36:39 rawhide sshd[793]: ssh_selinux_copy_context: setcon failed with Invalid argument Feb 10 14:36:39 rawhide sshd[793]: fatal: xfree: NULL pointer given as argument Feb 10 14:36:39 rawhide sshd[789]: Received disconnect from 192.168.2.224: 11: d isconnected by user Feb 10 14:36:39 rawhide sshd[789]: pam_unix(sshd:session): session closed for us er root Expected results: After I downgraded openssh to 5.9p1-16.fc17.i686, I'm able to log in successfully. Here's /var/log/secure after the downgrade: Feb 10 14:48:01 rawhide sshd[922]: Server listening on 0.0.0.0 port 22. Feb 10 14:48:01 rawhide sshd[922]: Server listening on :: port 22. Feb 10 14:48:07 rawhide sshd[923]: Accepted password for root from 192.168.2.224 port 39607 ssh2 Feb 10 14:48:07 rawhide sshd[923]: pam_selinux(sshd:session): Security context unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 is not allowed for unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 Feb 10 14:48:07 rawhide sshd[923]: pam_selinux(sshd:session): Unable to get valid context for root Feb 10 14:48:07 rawhide sshd[923]: pam_unix(sshd:session): session opened for user root by (uid=0) Feb 10 14:48:07 rawhide sshd[923]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument Since I installed this box months ago, SELinux has always been in permissive mode. I also tried touch /.autorelabel and rebooted, to no effect.
I'm wondering if the recent change in Bug 781634 caused this...
There seems to be two problems here: 1. the security context unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 is clearly bogus in both cases 2. the xfree error should be fixed It is related to the change however the real problem is that your system is mislabeled which is perhaps related to bug 789233
sshd ran under unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 due to systemd change which now installs systemd binary to /usr/lib/systemd/systemd, see #788829. Latest systemd update systemd-42-1.fc17 fixed this for me.
Confirmed that updating to the new systemd resolved this issue for me as well.
Confirmed. After I updated to systemd-42-1.fc17 and rebooted, SSH logins work with openssh-server-5.9p1-18.fc17.
Got this problem with openssh-server-5.9p1-26.fc17. Exact same symptoms as original reporter. System was a minimal F17 installation created using BoxGrinder. SELinux relabel, as per https://bugzilla.redhat.com/show_bug.cgi?id=789233#c13 fixed it.
http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?h=f17&id=9c823ca43b0667703d6faae97cf9c7ab753b57a1
openssh-5.9p1-28.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/openssh-5.9p1-28.fc17
Package openssh-5.9p1-28.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssh-5.9p1-28.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-19252/openssh-5.9p1-28.fc17 then log in and leave karma (feedback).
openssh-6.1p1-3.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/openssh-6.1p1-3.fc18
openssh-6.1p1-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
openssh-5.9p1-28.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.