2009/10/21 Rick Stevens <ricks@xxxxxxxx>:
> Aaron Gray wrote:
>>
>> 2009/10/21 Rick Stevens <ricks@xxxxxxxx>:
>>>
>>> Aaron Gray wrote:
>>>>
>>>> 2009/10/21 Rick Stevens <ricks@xxxxxxxx>:
>>>>>
>>>>> Aaron Gray wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have two old servers with one mirroring the other using RSYNC over
>>>>>> SSH. I did this some time ago.
>>>>>>
>>>>>> Now coming to replace these servers with two new F11 ones I cannot
>>>>>> seem to get it to work without supplying passwords.
>>>>>>
>>>>>> I followed my instructions I wrote at the time for RSYNC over SSH, but
>>>>>> it still asks for a password even though AFAICS I have set up the
>>>>>> certificates correctly.
>>>>>>
>>>>>> Any help or suggestions welcome,
>>>>>
>>>>> Make sure that the user's .ssh directory has the correct SELinux
>>>>> contexts as well as correct permissions:
>>>>>
>>>>> $ ls -lZd .ssh
>>>>> drwx------. rick rick system_u:object_r:home_ssh_t:s0 .ssh
>>>>> $ ls -lZ .ssh
>>>>> -rw-------. rick rick system_u:object_r:home_ssh_t:s0 authorized_keys
>>>>> -rw-------. rick rick system_u:object_r:home_ssh_t:s0 id_dsa
>>>>> -rw-r--r--. rick rick system_u:object_r:home_ssh_t:s0 id_dsa.keystore
>>>>> -rw-r--r--. rick rick system_u:object_r:home_ssh_t:s0 id_dsa.pub
>>>>> -rw-r--r--. rick rick system_u:object_r:home_ssh_t:s0 known_hosts
>>>>
>>>> Okay, my F11 installation did not have a .ssh directory, so I am getting :-
>>>>
>>>> [root@yyy ~]# ls -lZd .ssh
>>>> drwx------. root root unconfined_u:object_r:admin_home_t:s0 .ssh
>>>> [root@yyy ~]# ls -lZ .ssh
>>>> -rw-r-----. root root unconfined_u:object_r:admin_home_t:s0 authorized_keys
>>>> -rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 datacomms-net-key.pub
>>>> -rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 known_hosts
>>>>
>>>> How do I go about changing the unconfined_u's to system_u ?
>>>
>>> As root:
>>>
>>> # chcon -v -u system_u /path/to/userhome/.ssh/*
>>>
>>> You can also try (as root):
>>>
>>> # restorecon -v -R /path/to/userhome/.ssh
>>
>> Thanks Rick, the 'restorecon' done it nicely :)
>>
>> RSYNC seems to be working without a password now !
>
> No problem. Remember that if you create things under your home
> directory, SELinux may not take a liking to it unless you tickle it.
> It's bitten me before, so I feel your pain.

Generally I check by putting SELinux into permissive mode. Forgot this time :)

Thanks,

Aaron
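
The check discussed in the thread, as an added example that is not part of any poster's message: a shell function that reads listings in the five-column `ls -lZ` layout quoted above and flags entries whose SELinux type differs from the expected one or whose mode is group- or world-writable. The function names and the default expected type (`home_ssh_t`, taken from Rick's listing) are assumptions; pass a different type as the first argument if your policy labels `~/.ssh` differently.

```shell
#!/bin/sh
# Added example, not from the thread. Audits `ls -lZ` / `ls -lZd` lines in the
# layout shown in the thread: mode owner group context name.
# Assumption: expected type defaults to home_ssh_t (from Rick's listing).

audit_ssh_listing() {
    awk -v want="${1:-home_ssh_t}" '
    NF == 5 {
        mode = $1; name = $5
        split($4, ctx, ":")              # context = user:role:type:level
        if (ctx[3] != want)
            printf "CONTEXT %s type=%s expected=%s\n", name, ctx[3], want
        # With StrictModes enabled, sshd refuses key files and directories
        # that are writable by group or others.
        if (substr(mode, 6, 1) == "w" || substr(mode, 9, 1) == "w")
            printf "MODE %s %s is group/world writable\n", name, mode
    }'
}

# Aaron's listing from the thread (the wrapped authorized_keys line re-joined).
listing_aaron() {
    cat <<'EOF'
drwx------. root root unconfined_u:object_r:admin_home_t:s0 .ssh
-rw-r-----. root root unconfined_u:object_r:admin_home_t:s0 authorized_keys
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 datacomms-net-key.pub
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 known_hosts
EOF
}

# A subset of Rick's listing from the thread, used as the known-good reference.
listing_rick() {
    cat <<'EOF'
drwx------. rick rick system_u:object_r:home_ssh_t:s0 .ssh
-rw-------. rick rick system_u:object_r:home_ssh_t:s0 authorized_keys
-rw-r--r--. rick rick system_u:object_r:home_ssh_t:s0 id_dsa.pub
EOF
}

echo "== Aaron's listing (before restorecon) =="
listing_aaron | audit_ssh_listing
echo "== Rick's listing =="
listing_rick | audit_ssh_listing
```

Every entry in Aaron's listing is reported because its type is `admin_home_t`; the SELinux user field (`unconfined_u` versus `system_u`) is not what the check compares, which matches the thread's outcome that `restorecon` resolved the problem.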