

  • Setting Up Passwordless SSH Under CentOS 6 Running SELinux
    08/22/2013 8:52PM

    I am setting up a cluster of KVM virtual machines and want to be able to ssh to them as the root user on the VM without having to enter a password.

    The first thing that I did was create keys on the box from which I was going to make connections (A):

    [rchapin@A .ssh]$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/usr/local2/home/rchapin/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /usr/local2/home/rchapin/.ssh/id_rsa.
    Your public key has been saved in /usr/local2/home/rchapin/.ssh/id_rsa.pub.
    The key fingerprint is:
    6a:ca:57:31:23:30:67:8c:9d:de:78:53:14:90:16:6e rchapin@A
    The key's randomart image is:
    +--[ RSA 2048]----+
    |     + .o=o.     |
    |    + *.o .      |
    |     * +E.       |
    |      +.B        |
    |       oS=       |
    |       ..        |
    |      o.         |
    |   . o.          |
    |    o.           |

    After that, I scp'd the id_rsa.pub file to the remote box:

    [rchapin@A ~]$ scp ~/.ssh/id_rsa.pub root@B:/root/

    Then ssh to the remote box, create the ~/.ssh directory, copy the contents of the id_rsa.pub file into ~/.ssh/authorized_keys and set the permissions on all of the files.

    [root@B ~]# mkdir .ssh
    [root@B ~]# chmod 700 .ssh
    [root@B ~]# cat ~/id_rsa.pub > ~/.ssh/authorized_keys
    [root@B ~]# chmod 600 ~/.ssh/authorized_keys

    The first problem was that it wasn't accepting the key and was giving me the password prompt.

    After a quick search regarding passwordless ssh and SELinux I did the following:

    [root@B .ssh]# restorecon -R -v /root/.ssh/
    restorecon reset /root/.ssh context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
    restorecon reset /root/.ssh/authorized_keys2 context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0

    Now I received the error:

    [rchapin@A .ssh]$ ssh root@B
    Agent admitted failure to sign using the key.

    Another quick search and all I had to do was add the key on the A box and I was all set:

    [rchapin@A .ssh]$ ssh-add
    [rchapin@A .ssh]$ ssh root@B
    Last login: Thu Aug 22 20:40:54 2013 from A
    [root@B ~]#
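
The server-side conditions this post ran into (modes 700 and 600, and the ssh_home_t label that restorecon applied) can be checked in one pass on box B. This is an added example, not part of the original post; the function name check_ssh_dir is hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# check_ssh_dir DIR  (hypothetical helper, e.g. check_ssh_dir /root/.ssh)
# Prints each problem found and returns the number of problems (0 = all good).
check_ssh_dir() {
    dir=$1
    keys="$dir/authorized_keys"
    problems=0

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir"
        return 1
    fi

    # Modes used in the post: 700 on the directory, 600 on authorized_keys.
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != "700" ]; then
        echo "BAD MODE: $dir is $mode, expected 700"
        problems=$((problems + 1))
    fi
    if [ ! -f "$keys" ]; then
        echo "MISSING: $keys"
        problems=$((problems + 1))
    else
        mode=$(stat -c '%a' "$keys")
        if [ "$mode" != "600" ]; then
            echo "BAD MODE: $keys is $mode, expected 600"
            problems=$((problems + 1))
        fi
    fi

    # Label check only where SELinux is actually enabled; files created by
    # hand under /root keep admin_home_t until restorecon relabels them.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        for f in "$dir" "$keys"; do
            [ -e "$f" ] || continue
            ctx=$(stat -c '%C' "$f")
            case $ctx in
                *:ssh_home_t:*) ;;
                *) echo "BAD CONTEXT: $f is $ctx; run: restorecon -R -v $dir"
                   problems=$((problems + 1)) ;;
            esac
        done
    fi
    return "$problems"
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then check_ssh_dir "$1"; fi
```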

  • Configuring CentOS to run SELinux in Strict Mode
    08/29/2011 5:05PM

    I am in the process of setting up some CentOS/RHEL 6 servers to run SELinux in strict mode. What follows are notes, links to online resources and things that I am discovering along the way. Once I am finished I will go back and re-write it to follow more of a how-to/guide type format. In the meantime, it might seem a bit disjointed.


    • http://wiki.centos.org/HowTos/SELinux
    • http://fedoraproject.org/wiki/SELinux
    • http://www.centos.org/docs/5/html/Deployment_Guide-en-US/rhlcommon-chapter-0001.html
    • http://www.nsa.gov/research/selinux/index.shtml

    MaintLog Notes:

    • Make sure that the selinux-policy-strict package (and deps) are installed:
    • # yum install selinux-policy-strict
    • After installing the policy I was unable to reboot as I hadn't relabeled the file system properly. If having problems booting try:
    • # genhomedircon
    • # touch /.autorelabel
    • # reboot
    • After successfully booting with strict mode enabled you will not be able to do the things that you would normally expect as a root user. This is because your root shell does not have access to the system administrator role. To do so invoke the newrole command:
    • # newrole -r sysadmin_r
    • LEFTOFF: it seems semanage isn't installed. I'll need to restart with selinux disabled to install it so that I can sort out running newrole properly: see: http://www.spinics.net/lists/selinux/msg09681.html
    • Make sure that the semanage package is installed: # yum install libsemanage
