I couldn't find anything in /var/log/secure but here is what was in /var/log/messages from the following attempts: ssh testuser/user_r/s2:[EMAIL PROTECTED] ssh testuser/user_r/s2:c0,[EMAIL PROTECTED] ssh testuser/user_r/s2:[EMAIL PROTECTED]
Jan 26 14:41:40 rheal3a sshd[2646]: Postponed keyboard-interactive for testuser from 127.0.0.1 port 39420 ssh2 Jan 26 14:41:44 rheal3a sshd[2646]: Postponed keyboard-interactive/pam for testuser from 127.0.0.1 port 39 420 ssh2 Jan 26 14:41:44 rheal3a sshd[2645]: Accepted keyboard-interactive/pam for testuser from 127.0.0.1 port 394 20 ssh2 Jan 26 14:41:44 rheal3a sshd[2645]: fatal: deny MLS level s2:c0,c1 (user range s0-s15:c0.c1023) Jan 26 14:42:11 rheal3a sshd[2653]: Connection from 127.0.0.1 port 39421 Jan 26 14:42:11 rheal3a sshd[2654]: Postponed keyboard-interactive for testuser from 127.0.0.1 port 39421 ssh2 Jan 26 14:42:15 rheal3a sshd[2654]: Postponed keyboard-interactive/pam for testuser from 127.0.0.1 port 39 421 ssh2 Jan 26 14:42:15 rheal3a sshd[2653]: Accepted keyboard-interactive/pam for testuser from 127.0.0.1 port 394 21 ssh2 Jan 26 14:42:15 rheal3a sshd[2653]: fatal: Failed to get default security context for testuser. Jan 26 14:43:35 rheal3a sshd[2662]: Connection from 127.0.0.1 port 39422 Jan 26 14:43:35 rheal3a sshd[2663]: Postponed keyboard-interactive for testuser from 127.0.0.1 port 39422 ssh2 Jan 26 14:43:39 rheal3a sshd[2663]: Postponed keyboard-interactive/pam for testuser from 127.0.0.1 port 39 422 ssh2 Jan 26 14:43:39 rheal3a sshd[2662]: Accepted keyboard-interactive/pam for testuser from 127.0.0.1 port 394 22 ssh2 Jan 26 14:43:39 rheal3a sshd[2662]: fatal: deny MLS level s2:c0.c1 (user range s0-s15:c0.c1023) Jan 26 14:44:30 rheal3a sshd[2670]: Connection from 127.0.0.1 port 39423 Jan 26 14:44:31 rheal3a sshd[2671]: Postponed keyboard-interactive for testuser from 127.0.0.1 port 39423 ssh2 Jan 26 14:44:34 rheal3a sshd[2671]: Postponed keyboard-interactive/pam for testuser from 127.0.0.1 port 39 423 ssh2 Jan 26 14:44:34 rheal3a sshd[2670]: Accepted keyboard-interactive/pam for testuser from 127.0.0.1 port 394 23 ssh2 Jan 26 14:44:34 rheal3a sshd[2670]: fatal: Failed to get default security context for testuser. Thanks, Kylie On Fri, 2007-01-26 at 21:27 +0100, Tomas Mraz wrote: > On Fri, 2007-01-26 at 12:11 -0800, Kylene Jo Hall wrote: > > I have been unable to ssh into an LSPP system with multiple categories. > > > > For example the following work: > > ssh testuser/user_r/[EMAIL PROTECTED] > > ssh testuser/user_r/s2:[EMAIL PROTECTED] > > ssh testuser/user_r/s2:[EMAIL PROTECTED] > > > > But these do not: > > ssh testuser/user_r/s2:[EMAIL PROTECTED] > > ssh testuser/user_r/s2:c0,[EMAIL PROTECTED] > > > > Policy version: selinux-policy-mls-2.4.6-28.el5 > > Kernel version: kernel-2.6.18-1.3015.2.1.el5.lspp.63 > > > > We have tested this on multiple architectures to no avail. Any > > suggestions? > Could you modify LogLevel in /etc/ssh/sshd_config to DEBUG3 and look > into the /var/log/secure what messages are there when the login fails? > -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
