<div dir="ltr"><div>I've tried and I' logged in!!<br><br><br><br>sestatus <br>SELinux status: enabled<br>SELinuxfs mount: /sys/fs/selinux<br>SELinux root directory: /etc/selinux<br>
Loaded policy name: targeted<br>Current mode: permissive<br>Mode from config file: enforcing<br>Policy MLS status: enabled<br>Policy deny_unknown status: allowed<br>
Max kernel policy version: 28<br><br><br><br><br></div>Still get those 'denied' in audit.log - node!<br><br><br><br><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Dec 12, 2013 at 2:35 PM, Alon Bar-Lev <span dir="ltr"><<a href="mailto:alonbl@redhat.com" target="_blank">alonbl@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
<br>
----- Original Message -----<br>
> From: "Gabi C" <<a href="mailto:gabicr@gmail.com">gabicr@gmail.com</a>><br>
> To: "Dan Kenigsberg" <<a href="mailto:danken@redhat.com">danken@redhat.com</a>><br>
> Cc: <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>
> Sent: Thursday, December 12, 2013 2:32:48 PM<br>
> Subject: Re: [Users] SSH MAC corrupt<br>
><br>
> I confirm that manual ssh works both ways.<br>
><br>
> I'll try to sniff.<br>
<br>
</div>please try from engine:<br>
<br>
ssh -i /etc/pki/ovirt-engine/keys/engine_id_rsa root@node<br>
<br>
this is similar to what engine is trying to do.<br>
<br>
but as far as I see, the problem is within the selinux policy.<br>
<div><div class="h5"><br>
><br>
><br>
> On Thu, Dec 12, 2013 at 2:22 PM, Dan Kenigsberg < <a href="mailto:danken@redhat.com">danken@redhat.com</a> > wrote:<br>
><br>
><br>
><br>
> On Thu, Dec 12, 2013 at 11:43:10AM +0200, Gabi C wrote:<br>
> > Hello!<br>
> ><br>
> > 1 engine running ovirt-engine-3.3.1-2.fc19.noarch, in virtual machine - on<br>
> > esxi 5.5 host - when I try to add ovirt node hypervisor<br>
> > 3.0.3-1.1.fc19,after "setenforce 0" on node, of course, this fails with:<br>
> ><br>
> > /var/log/secure<br>
> ><br>
> ><br>
> > Dec 12 09:35:40 virtual4 sshd[3898]: Corrupted MAC on input.<br>
> > Dec 12 09:35:40 virtual4 sshd[3898]: Disconnecting: Packet corrupt<br>
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: do_cleanup<br>
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: cleanup<br>
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: closing session<br>
> > Dec 12 09:35:40 virtual4 sshd[3898]: pam_unix(sshd:session): session closed<br>
> > for user root<br>
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: deleting credentials<br>
> > Dec 12 09:35:40 virtual4 sshd[3898]: error: getsockname failed: Bad file<br>
> > descriptor<br>
> ><br>
> ><br>
> ><br>
> ><br>
> > and<br>
> ><br>
> > /var/log/audit/audit.log<br>
> ><br>
> > type=AVC msg=audit(1386840940.650:589): avc: denied { sigchld } for<br>
> > pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0<br>
> > tcontext=system_u:system_r:initrc_t:s0 tclass=process<br>
> > type=SYSCALL msg=audit(1386840940.650:589): arch=c000003e syscall=61<br>
> > success=yes exit=3899 a0=f3b a1=7fff76fe9ad0 a2=0 a3=0 items=0 ppid=3834<br>
> > pid=3898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0<br>
> > fsgid=0 ses=4294967295 tty=(none) comm="sshd" exe="/usr/sbin/sshd"<br>
> > subj=system_u:system_r:initrc_t:s0 key=(null)<br>
> ><br>
> > ............................<br>
> > type=AVC msg=audit(1386840940.751:595): avc: denied { dyntransition }<br>
> > for pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0<br>
> > tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process<br>
> > ............<br>
> ><br>
> ><br>
> ><br>
> ><br>
> > any ideea?<br>
><br>
> Does manual ssh from Engine to the node work?<br>
> Could you sniff the traffic to see where it's being garbled?<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
> <a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
><br>
</blockquote></div><br></div>