Bug 823231 - SSH login will state after password entering "Unable to get valid context for root"
SSH login will state after password entering "Unable to get valid context for...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
x86_64 Linux
unspecified Severity medium
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-05-20 00:28 EDT by Ivo Sarak
Modified: 2012-05-27 07:11 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-05-27 07:11:33 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ivo Sarak 2012-05-20 00:28:41 EDT
Description of problem:
I am unable to SSH into the system. I will be greeted with password prompt, but after providing one I get "Proken Pipe" and "Unable to get valid context for root" message and will get kicked out.

Version-Release number of selected component (if applicable):
Kernel 3.4.0-0.rc6.git3.1.fc18.x86_64

How reproducible:
Always on that system, but not on other machines I have.

Steps to Reproduce:
1. Try to login over SSH;
Actual results:
Locally trying will get me "Broken Pipe" message and remote one:
[root@haskaa ~]# ssh
root@'s password: 
Unable to get valid context for root
Last login: Sun May 20 07:20:53 2012 from haskaa
Connection to closed.
[root@haskaa ~]# 

Expected results:
Terminal prompt.

Additional info:

I removed and reinstalled SSH server, but nothing changed. Also, I have updated several kernel releases, but still the same situation.

[ivo@ragana ~]$ rpm -qa|grep ssh
[ivo@ragana ~]$
Comment 1 Josh Boyer 2012-05-21 09:41:59 EDT
This sounds like an SELinux label issue.  You might want to relable your filesystem.
Comment 2 Daniel Walsh 2012-05-21 09:46:26 EDT

ps -eZ | grep ssh

If it is not running as sshd_t, you probably have a labelling issue.

# touch /.autorelabel; reboot

Should fix the systems labeling.
Comment 3 Ivo Sarak 2012-05-27 07:11:33 EDT
Thanks, it did the trick. Before "touch /.autorelabel; reboot":

[root@ragana ~]# ps -eZ|grep ssh
system_u:system_r:kernel_t:s0     524 ?        00:00:27 sshd
[root@ragana ~]# 

and after:

[root@ragana ~]# ps -eZ|grep ssh
system_u:system_r:sshd_t:s0-s0:c0.c1023 1125 ? 00:00:00 sshd
[root@ragana ~]#

I have SELinux in permissive mode. Why it should affect my system work?

Note You need to log in before you can comment on or make changes to this bug.