Jakub Jelen wrote on 27-NOV-2019 13:20:25.09
On Tue, 2019-11-26 at 13:27 +0100, Jouk Jansen wrote:
[snip]
Question: why does it work with just running "/usr/sbin/sshd" but not with "systemctl start sshd"?
This sounds like an issue with selinux permissions on the authorized keys file or path to it. Configure sshd to run in debug mode by setting LogLevel DEBUG3 in sshd_config, restart the service and retry. The logs will show up in journal and in /var/log/secure pointing to the reason why your key was rejected.
You are right. I switched selinux off (setenforce 0) and the problem is gone. I could not find an entry in the journalctl -e output (but maybe I overlooked it (too many records)). Perhaps I should look in the selinux logs, but where do I find them?
Regards Jouk
Pax, vel iniusta, utilior est quam iustissimum bellum. (free after Marcus Tullius Cicero (106 b.Chr.-46 b.Chr.) Epistularum ad Atticum 7.1.4.3)
Touch not the cat bot a glove
------------------------------------------------------------------------------<
Jouk Jansen joukj@hrem.nano.tudelft.nl
Technische Universiteit Delft
Kavli Institute of Nanoscience
Nationaal centrum voor HREM
Lorentzweg 1
2628 CJ Delft
Nederland
tel. 31-15-2782272
------------------------------------------------------------------------------<
On Wed, 2019-11-27 at 13:47 +0100, Jouk Jansen wrote:
Jakub Jelen wrote on 27-NOV-2019 13:20:25.09
On Tue, 2019-11-26 at 13:27 +0100, Jouk Jansen wrote:
[snip]
Question: why does it work with just running "/usr/sbin/sshd" but not with "systemctl start sshd"?
This sounds like an issue with selinux permissions on the authorized keys file or path to it. Configure sshd to run in debug mode by setting LogLevel DEBUG3 in sshd_config, restart the service and retry. The logs will show up in journal and in /var/log/secure pointing to the reason why your key was rejected.
You are right. I switched selinux off (setenforce 0) and the problem is gone. I could not find an entry in the journalctl -e output (but maybe I overlooked it (too many records)). Perhaps I should look in the selinux logs, but where do I find them?
Hello. I would start with sshd logs as I described above. The selinux denials are in /var/log/audit/audit.log but they sometimes do not give enough information about what is wrong.
Regards,
On 2019-11-28 20:21, Jakub Jelen wrote:
On Wed, 2019-11-27 at 13:47 +0100, Jouk Jansen wrote:
Jakub Jelen wrote on 27-NOV-2019 13:20:25.09
On Tue, 2019-11-26 at 13:27 +0100, Jouk Jansen wrote:
[snip]
Question: why does it work with just running "/usr/sbin/sshd" but not with "systemctl start sshd"?
This sounds like an issue with selinux permissions on the authorized keys file or path to it. Configure sshd to run in debug mode by setting LogLevel DEBUG3 in sshd_config, restart the service and retry. The logs will show up in journal and in /var/log/secure pointing to the reason why your key was rejected.
You are right. I switched selinux off (setenforce 0) and the problem is gone. I could not find an entry in the journalctl -e output (but maybe I overlooked it (too many records)). Perhaps I should look in the selinux logs, but where do I find them?
Hello. I would start with sshd logs as I described above. The selinux denials are in /var/log/audit/audit.log but they sometimes do not give enough information about what is wrong.
If you're suggesting this to be a permission issue on authorized_keys wouldn't it be a good idea to request the output of "ls -Z ~/.ssh"?
On 2019-11-28 20:28, Ed Greshko wrote:
If you're suggesting this to be a permission issue on authorized_keys wouldn't it be a good idea to request the output of "ls -Z ~/.ssh"?
Oh, as well as "ls -Zd ~/.ssh"?
On 11/28/19 4:33 AM, Ed Greshko wrote:
On 2019-11-28 20:28, Ed Greshko wrote:
If you're suggesting this to be a permission issue on authorized_keys wouldn't it be a good idea to request the output of "ls -Z ~/.ssh"?
Oh, as well as "ls -Zd ~/.ssh"?
Or combine the results of both using "ls -Za ~/.ssh".
On 2019-11-30 04:34, Samuel Sieb wrote:
On 11/28/19 4:33 AM, Ed Greshko wrote:
On 2019-11-28 20:28, Ed Greshko wrote:
If you're suggesting this to be a permission issue on authorized_keys wouldn't it be a good idea to request the output of "ls -Z ~/.ssh"?
Oh, as well as "ls -Zd ~/.ssh"?
Or combine the results of both using "ls -Za ~/.ssh".
Sure. I would have said that, had I remembered at the time that the context of the ~/.ssh directory was needed as well. :-)
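Added example, not part of the thread: a small filter that pulls the sshd AVC denials out of audit.log-format text and shows the target file's SELinux type, which is the value to compare against the `ls -Za ~/.ssh` output requested above. The function names and the sample records (including the `default_t` label, PIDs and inode) are constructed for illustration; the last record shows that a denial is still logged, with `permissive=1`, after `setenforce 0`.

```shell
#!/bin/sh
# Added example: list SELinux AVC denials hit by sshd, from audit.log-format text.

# Constructed sample records (not taken from the thread); labels and numbers are made up.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1574858425.101:411): avc:  denied  { read } for  pid=2301 comm="sshd" name="authorized_keys" dev="dm-0" ino=131 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1574858425.101:411): arch=c000003e syscall=257 success=no exit=-13 comm="sshd" exe="/usr/sbin/sshd"
type=AVC msg=audit(1574858430.007:412): avc:  denied  { write } for  pid=990 comm="httpd" name="cache" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1574858501.555:420): avc:  denied  { read } for  pid=2350 comm="sshd" name="authorized_keys" dev="dm-0" ino=131 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=1
EOF
}

# sshd_denials: read audit records on stdin and print one line per sshd AVC denial:
#   <permissions> <object class> <file name> <target SELinux type> <enforced|permissive>
# Assumes file names without spaces (fields are split on whitespace).
sshd_denials() {
    awk '
    $1 == "type=AVC" && /denied/ && /comm="sshd"/ {
        perm = name = ttype = tclass = mode = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # Collect every permission between the braces, comma-separated.
                perm = ""
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = (perm == "" ? "" : perm ",") $j
            }
            else if ($i ~ /^name=/)       { name = substr($i, 6); gsub(/"/, "", name) }
            else if ($i ~ /^tcontext=/)   { split(substr($i, 10), ctx, ":"); ttype = ctx[3] }
            else if ($i ~ /^tclass=/)     tclass = substr($i, 8)
            else if ($i ~ /^permissive=/) mode = ($i == "permissive=1") ? "permissive" : "enforced"
        }
        print perm, tclass, name, ttype, mode
    }'
}

# Demo on the constructed sample.
sample_audit_log | sshd_denials
```

On a live system the input would be /var/log/audit/audit.log, read as root, for example `sshd_denials < /var/log/audit/audit.log`.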