On my desktop PC (small home server) I upgraded from 15.6 to 16.0 and now I cannot access ftp://user@192.168.1.2/ from my laptop.
I used to access it with a passwordless key.
How can I access my ssh again?
Is SELinux running on the server?
I suppose yes, I upgraded selecting selinux, how can I check?
As root:
sestatus -v
Do you get any errors when executing as root:
ausearch -ts boot -m avc,user_avc,selinux_err,user_selinux_err
server3TW:~ # sestatus -v
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
Process contexts:
Current context: unconfined_u:unconfined_r:unconfined_t:s0
Init context: system_u:system_r:init_t:s0
/sbin/agetty system_u:system_r:getty_t:s0-s0:c0.c1023
/usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023
File contexts:
Controlling terminal: unconfined_u:object_r:user_devpts_t:s0
/etc/passwd system_u:object_r:passwd_file_t:s0
/etc/shadow system_u:object_r:shadow_t:s0
/bin/bash system_u:object_r:shell_exec_t:s0
/bin/login system_u:object_r:login_exec_t:s0
/bin/sh system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty system_u:object_r:getty_exec_t:s0
/sbin/init system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0
/usr/sbin/sshd system_u:object_r:sshd_exec_t:s0
/lib/libc.so.6 system_u:object_r:lib_t:s0
/lib/ld-linux.so.2 system_u:object_r:ld_so_t:s0
server3TW:~ #
ausearch -ts boot -m avc,procuste_avc,selinux_err,procuste_selinux_err
The username is procuste, so I changed user to procuste in the command.
server3TW:~ # ausearch -ts boot -m avc,procuste_avc,selinux_err,procuste_selinux_err
Valid message types are: ALL USER LOGIN USER_AUTH USER_ACCT USER_MGMT CRED_ACQ CRED_DISP USER_START USER_END U
SER_AVC USER_CHAUTHTOK USER_ERR CRED_REFR USYS_CONFIG USER_LOGIN USER_LOGOUT ADD_USER DEL_USER ADD_GROUP DEL_G
ROUP DAC_CHECK CHGRP_ID TEST TRUSTED_APP USER_SELINUX_ERR USER_CMD USER_TTY CHUSER_ID GRP_AUTH SYSTEM_BOOT SYS
TEM_SHUTDOWN SYSTEM_RUNLEVEL SERVICE_START SERVICE_STOP GRP_MGMT GRP_CHAUTHTOK MAC_CHECK ACCT_LOCK ACCT_UNLOCK
USER_DEVICE SOFTWARE_UPDATE DAEMON_START DAEMON_END DAEMON_ABORT DAEMON_CONFIG DAEMON_ROTATE DAEMON_RESUME DA
EMON_ACCEPT DAEMON_CLOSE DAEMON_ERR SYSCALL PATH IPC SOCKETCALL CONFIG_CHANGE SOCKADDR CWD EXECVE IPC_SET_PERM
MQ_OPEN MQ_SENDRECV MQ_NOTIFY MQ_GETSETATTR KERNEL_OTHER FD_PAIR OBJ_PID TTY EOE BPRM_FCAPS CAPSET MMAP NETFI
LTER_PKT NETFILTER_CFG SECCOMP PROCTITLE FEATURE_CHANGE KERN_MODULE FANOTIFY TIME_INJOFFSET TIME_ADJNTPVAL BPF
EVENT_LISTENER URINGOP OPENAT2 DM_CTRL DM_EVENT AVC SELINUX_ERR AVC_PATH MAC_POLICY_LOAD MAC_STATUS MAC_CONFI
G_CHANGE MAC_UNLBL_ALLOW MAC_CIPSOV4_ADD MAC_CIPSOV4_DEL MAC_MAP_ADD MAC_MAP_DEL MAC_IPSEC_ADDSA MAC_IPSEC_DEL
SA MAC_IPSEC_ADDSPD MAC_IPSEC_DELSPD MAC_IPSEC_EVENT MAC_UNLBL_STCADD MAC_UNLBL_STCDEL MAC_CALIPSO_ADD MAC_CAL
IPSO_DEL APPARMOR APPARMOR_AUDIT APPARMOR_ALLOWED APPARMOR_DENIED APPARMOR_HINT APPARMOR_STATUS APPARMOR_ERROR
APPARMOR_KILL ANOM_PROMISCUOUS ANOM_ABEND ANOM_LINK ANOM_CREAT INTEGRITY_DATA INTEGRITY_METADATA INTEGRITY_ST
ATUS INTEGRITY_HASH INTEGRITY_PCR INTEGRITY_RULE INTEGRITY_EVM_XATTR INTEGRITY_POLICY_RULE KERNEL ANOM_LOGIN_F
AILURES ANOM_LOGIN_TIME ANOM_LOGIN_SESSIONS ANOM_LOGIN_ACCT ANOM_LOGIN_LOCATION ANOM_MAX_DAC ANOM_MAX_MAC ANOM
_AMTU_FAIL ANOM_RBAC_FAIL ANOM_RBAC_INTEGRITY_FAIL ANOM_CRYPTO_FAIL ANOM_ACCESS_FS ANOM_EXEC ANOM_MK_EXEC ANOM
_ADD_ACCT ANOM_DEL_ACCT ANOM_MOD_ACCT ANOM_ROOT_TRANS ANOM_LOGIN_SERVICE ANOM_LOGIN_ROOT ANOM_ORIGIN_FAILURES
ANOM_SESSION RESP_ANOMALY RESP_ALERT RESP_KILL_PROC RESP_TERM_ACCESS RESP_ACCT_REMOTE RESP_ACCT_LOCK_TIMED RES
P_ACCT_UNLOCK_TIMED RESP_ACCT_LOCK RESP_TERM_LOCK RESP_SEBOOL RESP_EXEC RESP_SINGLE RESP_HALT RESP_ORIGIN_BLOC
K RESP_ORIGIN_BLOCK_TIMED RESP_ORIGIN_UNBLOCK_TIMED USER_ROLE_CHANGE ROLE_ASSIGN ROLE_REMOVE LABEL_OVERRIDE LA
BEL_LEVEL_CHANGE USER_LABELED_EXPORT USER_UNLABELED_EXPORT DEV_ALLOC DEV_DEALLOC FS_RELABEL USER_MAC_POLICY_LO
AD ROLE_MODIFY USER_MAC_CONFIG_CHANGE USER_MAC_STATUS CRYPTO_TEST_USER CRYPTO_PARAM_CHANGE_USER CRYPTO_LOGIN C
RYPTO_LOGOUT CRYPTO_KEY_USER CRYPTO_FAILURE_USER CRYPTO_REPLAY_USER CRYPTO_SESSION CRYPTO_IKE_SA CRYPTO_IPSEC_
SA VIRT_CONTROL VIRT_RESOURCE VIRT_MACHINE_ID VIRT_INTEGRITY_CHECK VIRT_CREATE VIRT_DESTROY VIRT_MIGRATE_IN VI
RT_MIGRATE_OUT
server3TW:~ #
You typed the wrong command for ausearch…
This is the command…
No. You have to execute the command exactly as posted by Sauerland…
OK, as it answered no match I thought (badly).
Here it is:
server3TW:~ # ausearch -ts boot -m avc,user_avc,selinux_err,user_selinux_err
<no matches>
server3TW:~ #
do you get a connection if you use on reboot selinux=0 on the server?
in grub I have enforcing=1 and selinux=0 now
no connection, I get no route to host
Sorry, I noticed now that my desktop PC doesn't have a wired connection after the upgrade (I'm opening a new thread). As it has both wired and wifi, if I try with the IP address related to wifi, with selinux=1 and enforcing=1, I get a connection to ssh:
pla@plaTW:~> ssh procuste@192.168.1.102
Have a lot of fun...
procuste@server3TW:~>
For now no connection with sftp, but I'll see after the wired connection works.
You may check if the sftp subsystem is configured correctly with
~ # sshd -T |grep sftp
subsystem sftp /usr/libexec/ssh/sftp-server
run this on the server:
is it configured correctly?
server3TW:~ # sshd -T |grep sftp
subsystem sftp /usr/lib/ssh/sftp-server
server3TW:~ #
as ssh works, how can I connect with dolphin inserting sftp://procuste@192.168.1.102/
??
For Leap 16.0 you must use /usr/libexec/ssh/sftp-server
maaaany thanks, it works now
This was the solution. The sftp-server executable moved from /usr/lib/ssh/sftp-server to /usr/libexec/ssh/sftp-server so I had to edit the subsystem sftp line accordingly in the server side /etc/ssh/sshd_config.
Thank you!
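A check for the stale path described in the solution above, as an added example that is not part of the thread: it reads `sshd -T`-style output and verifies that the configured sftp subsystem binary exists. The function names and the `ROOT` prefix argument are assumptions made for this example, and the demo directory tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the sftp subsystem
# configured in sshd points at a binary that actually exists.

# Print the command configured for "subsystem sftp" from `sshd -T`-style
# lines on stdin (sshd -T prints keywords in lower case).
sftp_subsystem_path() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }'
}

# Read config lines on stdin and check the sftp-server path under ROOT
# (ROOT is a hypothetical prefix used for testing; pass "" on a live server).
# Returns 0 = usable, 1 = binary missing, 2 = no sftp subsystem line.
check_sftp_subsystem() {
    root=$1
    path=$(sftp_subsystem_path)
    if [ -z "$path" ]; then
        echo "no sftp subsystem configured"
        return 2
    fi
    if [ "$path" = "internal-sftp" ]; then
        echo "ok: internal-sftp (in-process, no external binary)"
        return 0
    fi
    if [ -x "$root$path" ]; then
        echo "ok: $path"
        return 0
    fi
    echo "missing: $path is not an executable file"
    return 1
}

# Constructed demo: a fake root laid out like Leap 16.0, where the binary
# lives in /usr/libexec/ssh, checked against both lines seen in the thread.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/usr/libexec/ssh"
printf '#!/bin/sh\n' > "$demo_root/usr/libexec/ssh/sftp-server"
chmod +x "$demo_root/usr/libexec/ssh/sftp-server"

echo 'subsystem sftp /usr/lib/ssh/sftp-server' | check_sftp_subsystem "$demo_root" || true
echo 'subsystem sftp /usr/libexec/ssh/sftp-server' | check_sftp_subsystem "$demo_root"
rm -rf "$demo_root"
```

On a live server, run `sshd -T | check_sftp_subsystem ""` as root after an upgrade; a non-zero exit means the subsystem sftp line in /etc/ssh/sshd_config needs attention.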