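【Posted】: 2021-11-25 04:44:52
【Question】:
I tried looking around for a solution, but without success.
I currently have SELinux set to permissive on CentOS 8, but if I set it to enforcing it completely disables my ability to ssh into the server. Here is the journal entry: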
setroubleshoot[2015]: setroubleshoot generated AVC, exiting to avoid recursion, context=system_u:system_r:kernel_t:s0, AVC scontext=system_u:system_r:kernel_t:s0
setroubleshoot[2015]: audit event
node=<REMOVED> type=AVC msg=audit(1633374382.599:119): avc: denied { dyntransition } for pid=2003 comm="sshd" scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=1
node=<REMOVED> type=SYSCALL msg=audit(1633374382.599:119): arch=c000003e syscall=1 success=yes exit=42 a0=c a1=5655238d6540 a2=2a a3=0 items=0 ppid=1985 pid=2003 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=3 comm="sshd" exe="/usr/sbin/sshd" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
/etc/sbin/sshd has the following permissions
-rwxr-xr-x. 1 root root system_u:object_r:sshd_exec_t:s0 877760 May 27 10:54 sshd
Here is my sshd config
Port <REMOVED FOR PRIVACY>
AddressFamily inet
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-server
【Discussion】:
Tags: linux ssh selinux centos8 sshd
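
The AVC record quoted in the question carries `permissive=1`: the denial was logged but the access was allowed, and the same access is refused once SELinux is enforcing. The Python below is an added example, not part of the original post; it parses such records and lists the accesses that only succeed because of permissive mode. The function names are hypothetical, and the sample record is the one from the question.

```python
import re

# AVC record copied from the question (the node value was already redacted there).
PAGE_AVC = ('node=<REMOVED> type=AVC msg=audit(1633374382.599:119): avc: denied '
            '{ dyntransition } for pid=2003 comm="sshd" '
            'scontext=system_u:system_r:kernel_t:s0 '
            'tcontext=unconfined_u:unconfined_r:unconfined_t:s0 '
            'tclass=process permissive=1')

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one type=AVC record, or None if the line is not one."""
    if 'type=AVC' not in line:
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    # SELinux contexts are user:role:type:level; the type is the third element.
    s = fields.get('scontext', '').split(':')
    t = fields.get('tcontext', '').split(':')
    return {
        'comm': fields.get('comm'),
        'perms': m.group('perms').split(),
        'source_type': s[2] if len(s) > 2 else None,
        'target_type': t[2] if len(t) > 2 else None,
        'tclass': fields.get('tclass'),
        # permissive=1: logged but let through; blocked when enforcing.
        'allowed_by_permissive': fields.get('permissive') == '1',
    }

def summarize(lines):
    """One row per denial that was tolerated only because of permissive mode."""
    rows = []
    for rec in filter(None, map(parse_avc, lines)):
        if rec['allowed_by_permissive']:
            rows.append('{comm}: {source_type} -> {target_type} '
                        '{tclass} {{ {p} }}'.format(p=' '.join(rec['perms']), **rec))
    return rows

if __name__ == '__main__':
    for row in summarize([PAGE_AVC]):
        print(row)
```
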