Bug#492024: openssh-server: Doesn't support authorized_keys with user/role logins

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#492024: openssh-server: Doesn't support authorized_keys with user/role logins
From: Russell Coker <russell@coker.com.au>
Date: Wed, 23 Jul 2008 19:48:53 +1000
Message-id: <[🔎] 20080723094853.20894.76000.reportbug@aeon.coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>, 492024@bugs.debian.org

Package: openssh-server
Version: 1:4.7p1-13
Severity: normal

I have a SE Linux machine where staff_r is the default role for ssh logins.
As you can see from the following if I login without specifying the role then
my /root/.ssh/authorized_keys file is used (as desired).  But if I specify the
role as staff_r (which gives no difference to the session once authentication
is complete - as you can see from the output of "id -Z") it prompts for a
password.

$ ssh root@unstable id -Z
root:staff_r:staff_t:SystemLow-SystemHigh
$ ssh root/staff_r@unstable id -Z
root/staff_r@unstable's password:
root:staff_r:staff_t:SystemLow-SystemHigh

I believe that selecting a role probably should not affect the choice of
authentication method, and definitely should not affect it in the way that
it is currently implemented.

Also it would be good to be able to disable the role selection functionality.

Reply to:

Prev by Date: Bug#474301: openssh: new upstream version (5.1p1)
Next by Date: can't ssh after an upgrade
Previous by thread: openssh: New upstream version available
Next by thread: can't ssh after an upgrade
Index(es):
- Date
- Thread