Re: Problems getting rsync over SSH without password

[Aaron Gray <aaronngray.lists@xxxxxxxxxxxxxx>]

2009/10/21 Rick Stevens <ricks@xxxxxxxx>:
> Aaron Gray wrote:
>>
>> Hi,
>>
>> I have two old servers with one mirroring the other using RSYNC over
>> SSH. I did this some time ago.
>>
>> Now coming to replace these servers with two new F11 ones I cannot
>> seem to get the it to work without supplying passwords.
>>
>> I followed my instructions I wrote at the time for RSYNC over SSH, but
>> it still asks for a password even though AFAICS I have set up the
>> certificates correctly.
>>
>> Any help or suggestions welcome,
>
> Make sure that the user's .ssh directory has the correct SELinux contexts as
> well as correct permissions:
>
> $ ls -lZd .ssh
> drwx------. rick rick system_u:object_r:home_ssh_t:s0  .ssh
> $ ls -lZ .ssh
> -rw-------. rick rick system_u:object_r:home_ssh_t:s0  authorized_keys
> -rw-------. rick rick system_u:object_r:home_ssh_t:s0  id_dsa
> -rw-r--r--. rick rick system_u:object_r:home_ssh_t:s0  id_dsa.keystore
> -rw-r--r--. rick rick system_u:object_r:home_ssh_t:s0  id_dsa.pub
> -rw-r--r--. rick rick system_u:object_r:home_ssh_t:s0  known_hosts

Okay, my F11 instillation did not have a .ssh directory, so I am getting :-

[root@yyy ~]# ls -lZd .ssh
drwx------. root root unconfined_u:object_r:admin_home_t:s0 .ssh
[root@yyy ~]# ls -lZ .ssh
-rw-r-----. root root unconfined_u:object_r:admin_home_t:s0 authorized_keys
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0
datacomms-net-key.pub
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 known_hosts

How do I go about changing the unconfined_u's to system_u ?

Thanks,

Aaron



> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
> - AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
> -                                                                    -
> -   Whoever said "Money can't buy friends" obviously never brought   -
> -                        donuts to the office.                       -
> ----------------------------------------------------------------------
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines