Package: openssh-server
Version: 1:4.7p1-13
Severity: normal
I have a SE Linux machine where staff_r is the default role for ssh logins.
As you can see from the following if I login without specifying the role then
my /root/.ssh/authorized_keys file is used (as desired). But if I specify the
role as staff_r (which gives no difference to the session once authentication
is complete - as you can see from the output of "id -Z") it prompts for a
password.
$ ssh root@unstable id -Z
root:staff_r:staff_t:SystemLow-SystemHigh
$ ssh root/staff_r@unstable id -Z
root/staff_r@unstable's password:
root:staff_r:staff_t:SystemLow-SystemHigh
I believe that selecting a role probably should not affect the choice of
authentication method, and definitely should not affect it in the way that
it is currently implemented.
Also it would be good to be able to disable the role selection functionality.
--
To UNSUBSCRIBE, email to
debian-ssh-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact
listmaster@...
