Bug 823231 - SSH login will state after password entering "Unable to get valid context for root"
Summary: SSH login will state after password entering "Unable to get valid context for...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-05-20 04:28 UTC by Ivo Sarak
Modified: 2012-05-27 11:11 UTC (History)
8 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-05-27 11:11:33 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Ivo Sarak 2012-05-20 04:28:41 UTC
Description of problem:
I am unable to SSH into the system. I will be greeted with password prompt, but after providing one I get "Proken Pipe" and "Unable to get valid context for root" message and will get kicked out.

Version-Release number of selected component (if applicable):
Kernel 3.4.0-0.rc6.git3.1.fc18.x86_64

How reproducible:
Always on that system, but not on other machines I have.

Steps to Reproduce:
1. Try to login over SSH;
  
Actual results:
Locally trying will get me "Broken Pipe" message and remote one:
[root@haskaa ~]# ssh 192.168.20.8
root.20.8's password: 
Unable to get valid context for root
Last login: Sun May 20 07:20:53 2012 from haskaa
Connection to 192.168.20.8 closed.
[root@haskaa ~]# 

Expected results:
Terminal prompt.

Additional info:

I removed and reinstalled SSH server, but nothing changed. Also, I have updated several kernel releases, but still the same situation.

[ivo@ragana ~]$ rpm -qa|grep ssh
libssh2-1.4.1-2.fc18.x86_64
openssh-askpass-5.9p1-22.fc18.x86_64
openssh-5.9p1-22.fc18.x86_64
openssh-server-5.9p1-22.fc18.x86_64
libssh-0.5.2-1.fc17.x86_64
trilead-ssh2-213-9.fc17.noarch
openssh-clients-5.9p1-22.fc18.x86_64
ganymed-ssh2-210-11.fc17.noarch
[ivo@ragana ~]$

Comment 1 Josh Boyer 2012-05-21 13:41:59 UTC
This sounds like an SELinux label issue.  You might want to relable your filesystem.

Comment 2 Daniel Walsh 2012-05-21 13:46:26 UTC
Yes. 

ps -eZ | grep ssh

If it is not running as sshd_t, you probably have a labelling issue.

# touch /.autorelabel; reboot

Should fix the systems labeling.

Comment 3 Ivo Sarak 2012-05-27 11:11:33 UTC
Thanks, it did the trick. Before "touch /.autorelabel; reboot":

[root@ragana ~]# ps -eZ|grep ssh
system_u:system_r:kernel_t:s0     524 ?        00:00:27 sshd
[root@ragana ~]# 

and after:

[root@ragana ~]# ps -eZ|grep ssh
system_u:system_r:sshd_t:s0-s0:c0.c1023 1125 ? 00:00:00 sshd
[root@ragana ~]#

I have SELinux in permissive mode. Why it should affect my system work?


Note You need to log in before you can comment on or make changes to this bug.