similar to: SELinux context for ssh host keys?

I generated a new host key for one of our systems using: ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096 I then ran 'ls -Z on the keys' ll -Z *key* -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key -rw-r--r--. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key.pub -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key -rw-r--r--. root

> On Feb 9, 2015, at 12:27 PM, Robert Nichols <rnicholsNOSPAM at comcast.net> wrote: > > On 02/09/2015 11:14 AM, James B. Byrne wrote: >> So, I decided to run restorecon -v to >> ... >> restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context >> unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0 >> ... >> There is no

On 02/09/2015 11:14 AM, James B. Byrne wrote: > So, I decided to run restorecon -v to > presumably set the SELinux user correctly for the new keys: But that > is not what happened: > > restorecon -v * > > restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context > unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0 > > restorecon reset

Hi, we have installed OpenSSH_3.7.1 in /usr/local. In our environment all machines mount /usr/local via NFS and automounter from a server. Because every machine should use its own keys (otherwise we had to export the directory with root priviledges so that every machine could read the private keys from /usr/local/etc/ssh), we created the keys in /etc/ssh and modified the configuration files

Respecting cloning vm guests, I see in /etc/ssh the following: ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub Is there a simple script somewhere to regenerate all the server host keys for the new guest after cloning? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at

Respecting cloning vm guests, I see in /etc/ssh the following: ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub Is there a simple script somewhere to regenerate all the server host keys for the new guest after cloning? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at

according to the openssh mailing list page, this is the spot to report/discuss bugs and i have a potential one. on the other hand, it is probably something i am not doing correctly. the system is red hat linux 6.2 (yuk) running the openssh rpm i grabbed off of the portable openssh site listing, with sshd version OpenSSH_2.9p2 i have it installed via rpm and when i go to launch sshd it gives me

Has anyone attempted to make SFTP on ProFTPD with SELinux work? I'd like to keep SELinux enabled on this particular system, but I prefer ProFTPD's SFTP solution over OpenSSH. The aureport tool reports the following: 28. 11/05/2014 12:58:58 proftpd unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 4 file getattr system_u:object_r:sshd_key_t:s0 denied 86877 I have the SFTP config setup to just

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 With this change built ok. But patch must be quite different on my platform (see attached) for portable version. And, of course, after autoreconf run. 02.08.2016 10:55, Darren Tucker ?????: > --- a/configure.ac > +++ b/configure.ac > @@ -754,6 +754,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))

From: root <root at chappy.(none)> --- ovirt-node-image.ks | 16 ++++++++++++++++ 1 files changed, 16 insertions(+), 0 deletions(-) diff --git a/ovirt-node-image.ks b/ovirt-node-image.ks index 802b6a5..d698497 100644 --- a/ovirt-node-image.ks +++ b/ovirt-node-image.ks @@ -55,6 +55,22 @@ if [ -f "ovirt-authorized_keys" ]; then chmod 644

Hello openssh developers, I was builiding openssh-4.7p, and it builds successfully with my own prefix (--prefix=/path/to/sshd). The problem is when I execute sshd, it warns about permission being too open: hostname:/path root# /path/to/sshd -t -f /path/to/sshd_config @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @

Hi, as the subject says, the below patch just simplifies the host key generation in the Cygwin-specific ssh-host-config script. Rather than testing and generating each key, call ssh-keygen -A. Could somebody with checkin rights please apply? Thanks, Corinna Index: contrib/cygwin/ssh-host-config =================================================================== RCS file:

When doing a make with the portable developer version, I came across this error: ssh/ssh_host_ecdsa_key|/opt/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/opt/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/opt/etc/ssh_host_rsa_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/opt/etc/moduli|g' -e

I. most of ssh manual and all sshd manual present server and client as one machine, called host. All files mentioned are placed on one machine. This is incorrect, and makes the explanation unclear. For example, man sshd SSH_KNOWN_HOSTS FILE FORMAT suggests to copy keys from /etc/ssh/ssh_host_key.pub into /etc/ssh/ssh_known_hosts, as if those files are on the same machine. II. a general

Hi All, So I tried to upgrade to 2.5.2p2 today. Got this when I stopped/started sshd: Disabling protocol version 2. Could not load host key Re-installed 2.3.0p1 and all was well again. This look familiar to anybody? Thanks, Jim -- Jim Seymour | PGP Public Key available at: jseymour at jimsun.LinxNet.com | http://www.uk.pgp.net/pgpnet/pks-commands.html

One one of my new vmware guests... puppetd -v spits out a bunch of err & warnings about "State group failed"... what does this mean? <snip> info: Caching configuration at /var/lib/puppet/localconfig.yaml err: Could not create root: Could not find a default provider for group warning: file=/etc/yum.repos.d/: State group failed: Could not find a default provider for group

I hope I'm sending this to the correct group for resolution, if not please direct to the appropriate place for openssh problems. I complied openssh-3.5pl.tar on Solaris 8 OS system using gnu. I installed the lastest version of openssl. I did not install /www/gzip.org/zlib because I assumed that I probably have that, since I have gunzip.... Openssh compiled but I kept receiving warnings that

Hello. I've recently installed OpenSSH 2.5.1p1 over a working installation of 2.3.0p1 (both SSH1 and SSH2) and oddly enough I lost SSH2 support. The banner string states SSH-1.5-OpenSSH_2.5.1p1, which needless to say limits me to SSH1... I haven't yet bothered to check any conf files, but since I haven't really made any changes this behavior seems strange to me... Anyway, hope I'm

Here's what I get: bash-2.02# sshd -ddd -p 1234 debug3: Seeding PRNG from /usr/local/libexec/ssh-rand-helper debug1: sshd version OpenSSH_3.5p1 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM

"Pacelli, Louis M, ALABS" wrote: > > Hi, > I apologize for sending in this problem via email, but I had trouble using bugzilla. Please use openssh-unix-dev at mindrot.org for problems with OpenSSH Portable (ie anything that's not OpenBSD). > I'm trying to install openssh-3.7.1p2 > When I run the configure step, I get the following message: > >