Re: Q: respecting .ssh/id_rsa




On 8 May 2015 20:41, "Conley, Matthew M CTR GXM" <
matthew.m.conley1.ctr@xxxxxxxx> wrote:
>
> chmod 0700 .ssh
> chmod 0600 .ssh/*
>
> Keys can fail if you don't have that set up correctly.
> Also do:
> grep sshd /var/log/audit/audit.log| audit2allow -m sshd
> # Will let you see what modules it will create.
> grep sshd /var/log/audit/audit.log| audit2allow -M sshd
> # Creates the modules
>
> semodule -i sshd.pp
>
> grep ssh /var/log/audit/audit.log| audit2allow -m ssh
> # Will let you see what modules it will create.
> grep ssh /var/log/audit/audit.log| audit2allow -M ssh
> # Creates the modules
>
> semodule -i ssh.pp
>
> sshd is the server; ssh is the client.
>
>

<cleveland>No no no no nooooo </Cleveland>

Blindly running audit2allow and creating modules weakens your security, not
enhances it.

If you have not messed up your labeling then SSH will have no problem
reading keys - SSH keys are fully supported under the policy shipped with
CentOS.

If you are mounting your home elsewhere do:

semanage fcontext -a -e /home /mynewspecialhome

restorecon -Rv /mynewspecialhome

That will fix any SELinux labelling issues of your home directories
properly.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
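
An added example, not part of the original thread: one way to read sshd denials before anything is allowed, separating those that point at a labelling problem (fixed with restorecon, as the reply says) from those that need a person to look at them. The sample AVC records are constructed, and the list of "generic" target types is an assumed heuristic, not something taken from the CentOS policy.

```shell
#!/bin/sh
# Constructed sample audit records (not from the thread).
SAMPLE_AVC='type=AVC msg=audit(1431113000.101:456): avc:  denied  { read } for  pid=2101 comm="sshd" name="authorized_keys" dev="sdb1" ino=131 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1431113007.220:461): avc:  denied  { name_bind } for  pid=2140 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1431113011.004:470): avc:  denied  { read } for  pid=2300 comm="httpd" name="index.html" dev="sda1" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file'

# triage_sshd_avc: read audit records on stdin and print one line per sshd
# denial in the form: <verdict> <target_type> <tclass> <name or ->
#   RELABEL = target carries a generic type, so check the file labels first
#   REVIEW  = anything else; read the denial before writing any policy
triage_sshd_avc() {
    awk '
    BEGIN {
        # Assumed heuristic: types a file gets when no fcontext rule matched.
        generic["default_t"] = 1
        generic["unlabeled_t"] = 1
        generic["file_t"] = 1
    }
    /avc: +denied/ && /comm="sshd"/ {
        ttype = "-"; tclass = "-"; name = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tcontext=/) {
                split($i, c, ":")        # user:role:type:level
                ttype = c[3]
            } else if ($i ~ /^tclass=/) {
                tclass = substr($i, 8)
            } else if ($i ~ /^name=/) {
                name = substr($i, 6)
                gsub(/"/, "", name)
            }
        }
        verdict = (ttype in generic) ? "RELABEL" : "REVIEW"
        print verdict, ttype, tclass, name
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_AVC" | triage_sshd_avc
```

On a real host the input would be `/var/log/audit/audit.log`; a RELABEL line for `authorized_keys` is the case the `semanage fcontext -a -e` and `restorecon` commands above address.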



