[redhat-lspp] Problem SSH-ing into LSPP system with multiple categories

Kylene Jo Hall kjhall at us.ibm.com
Fri Jan 26 20:46:12 UTC 2007


I couldn't find anything in /var/log/secure but here is what was
in /var/log/messages from the following attempts:
ssh testuser/user_r/s2:c0.c1@localhost
ssh testuser/user_r/s2:c0,c1@localhost
ssh testuser/user_r/s2:c0-c1@localhost

Jan 26 14:41:40 rheal3a sshd[2646]: Postponed keyboard-interactive for testuser from 127.0.0.1 port 39420 ssh2
Jan 26 14:41:44 rheal3a sshd[2646]: Postponed keyboard-interactive/pam for testuser from 127.0.0.1 port 39420 ssh2
Jan 26 14:41:44 rheal3a sshd[2645]: Accepted keyboard-interactive/pam for testuser from 127.0.0.1 port 39420 ssh2
Jan 26 14:41:44 rheal3a sshd[2645]: fatal: deny MLS level s2:c0,c1 (user range s0-s15:c0.c1023)
Jan 26 14:42:11 rheal3a sshd[2653]: Connection from 127.0.0.1 port 39421
Jan 26 14:42:11 rheal3a sshd[2654]: Postponed keyboard-interactive for testuser from 127.0.0.1 port 39421 ssh2
Jan 26 14:42:15 rheal3a sshd[2654]: Postponed keyboard-interactive/pam for testuser from 127.0.0.1 port 39421 ssh2
Jan 26 14:42:15 rheal3a sshd[2653]: Accepted keyboard-interactive/pam for testuser from 127.0.0.1 port 39421 ssh2
Jan 26 14:42:15 rheal3a sshd[2653]: fatal: Failed to get default security context for testuser.
Jan 26 14:43:35 rheal3a sshd[2662]: Connection from 127.0.0.1 port 39422
Jan 26 14:43:35 rheal3a sshd[2663]: Postponed keyboard-interactive for testuser from 127.0.0.1 port 39422 ssh2
Jan 26 14:43:39 rheal3a sshd[2663]: Postponed keyboard-interactive/pam for testuser from 127.0.0.1 port 39422 ssh2
Jan 26 14:43:39 rheal3a sshd[2662]: Accepted keyboard-interactive/pam for testuser from 127.0.0.1 port 39422 ssh2
Jan 26 14:43:39 rheal3a sshd[2662]: fatal: deny MLS level s2:c0.c1 (user range s0-s15:c0.c1023)
Jan 26 14:44:30 rheal3a sshd[2670]: Connection from 127.0.0.1 port 39423
Jan 26 14:44:31 rheal3a sshd[2671]: Postponed keyboard-interactive for testuser from 127.0.0.1 port 39423 ssh2
Jan 26 14:44:34 rheal3a sshd[2671]: Postponed keyboard-interactive/pam for testuser from 127.0.0.1 port 39423 ssh2
Jan 26 14:44:34 rheal3a sshd[2670]: Accepted keyboard-interactive/pam for testuser from 127.0.0.1 port 39423 ssh2
Jan 26 14:44:34 rheal3a sshd[2670]: fatal: Failed to get default security context for testuser.

Thanks,
Kylie


On Fri, 2007-01-26 at 21:27 +0100, Tomas Mraz wrote:
> On Fri, 2007-01-26 at 12:11 -0800, Kylene Jo Hall wrote:
> > I have been unable to ssh into an LSPP system with multiple categories.
> > 
> > For example the following work:
> > ssh testuser/user_r/s2@localhost
> > ssh testuser/user_r/s2:c0@localhost
> > ssh testuser/user_r/s2:c1@localhost
> > 
> > But these do not:
> > ssh testuser/user_r/s2:c0.c1@localhost
> > ssh testuser/user_r/s2:c0,c1@localhost
> > 
> > Policy version: selinux-policy-mls-2.4.6-28.el5
> > Kernel version: kernel-2.6.18-1.3015.2.1.el5.lspp.63
> > 
> > We have tested this on multiple architectures to no avail.  Any
> > suggestions?
> Could you modify LogLevel in /etc/ssh/sshd_config to DEBUG3 and look
> into the /var/log/secure what messages are there when the login fails?
> 
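
An added example, not part of the original messages and not code from sshd or libselinux: a small checker for standard SELinux MLS notation (`.` spans a category range, `,` separates categories, `low-high` is a range) that tests whether each level requested in this thread lies inside the user range printed in the "deny MLS level" log lines. It models MLS dominance only and assumes nothing about how sshd or the policy evaluates the request; all function names are illustrative.

```python
import re

def parse_cats(spec):
    """Expand a category spec: ',' separates items, '.' spans an inclusive range."""
    cats = set()
    for item in filter(None, spec.split(",")):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", item)
        if not m:
            raise ValueError(f"bad category item: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if hi < lo:
            raise ValueError(f"reversed category range: {item!r}")
        cats.update(range(lo, hi + 1))
    return frozenset(cats)

def parse_level(text):
    """'s2:c0.c1' -> (2, frozenset({0, 1})); a bare 's2' has no categories."""
    sens, _, cats = text.partition(":")
    m = re.fullmatch(r"s(\d+)", sens)
    if not m:
        raise ValueError(f"bad sensitivity: {sens!r}")
    return int(m.group(1)), parse_cats(cats)

def parse_range(text):
    """'s0-s15:c0.c1023' -> (low, high); a single level is its own range."""
    low, sep, high = text.partition("-")
    lo = parse_level(low)
    return lo, (parse_level(high) if sep else lo)

def dominates(a, b):
    """a dominates b: sensitivity at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def level_in_range(level, mls_range):
    lvl = parse_level(level)
    low, high = parse_range(mls_range)
    return dominates(lvl, low) and dominates(high, lvl)

# Range and levels copied from the thread's ssh commands and sshd log lines.
USER_RANGE = "s0-s15:c0.c1023"
REQUESTED = ["s2", "s2:c0", "s2:c1", "s2:c0.c1", "s2:c0,c1"]

def check_all():
    return {lvl: level_in_range(lvl, USER_RANGE) for lvl in REQUESTED}

if __name__ == "__main__":
    for lvl, ok in check_all().items():
        print(f"{lvl:10} within {USER_RANGE}: {ok}")
```

The third spelling tried in the thread, `s2:c0-c1`, is rejected by `parse_level` with a `ValueError`, because `-` separates the low and high levels of a range rather than categories.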



