[fedora-arm] Fedora-Xfce-armhfp-21-20140815-sda.raw.xz problems with sshd
Robert Moskowitz
rgm at htt-consult.com
Fri Aug 15 19:34:44 UTC 2014
My cubieboard2 does not have an rtc, so at boot time the clock is at the
epoche start. Once the network is up, then NTP sets the clock.
So I tried connecting to SSH after the install and got:
Read from socket failed: Connection reset by peer
systemctl status sshd.service, said something about could not read keys,
so I checked and found:
# ls /etc/ssh/ -ls
total 252
240 -rw-r--r--. 1 root root 242153 Jul 18 19:50 moduli
4 -rw-r--r--. 1 root root 2121 Jul 18 19:50 ssh_config
8 -rw-------. 1 root root 4400 Aug 15 14:45 sshd_config
0 -rw-r-----. 1 root ssh_keys 0 Dec 31 1969 ssh_host_ecdsa_key
0 -rw-r--r--. 1 root root 0 Dec 31 1969 ssh_host_ecdsa_key.pub
0 -rw-r-----. 1 root ssh_keys 0 Dec 31 1969 ssh_host_ed25519_key
0 -rw-r--r--. 1 root root 0 Dec 31 1969
ssh_host_ed25519_key.pub
0 -rw-r-----. 1 root ssh_keys 0 Dec 31 1969 ssh_host_rsa_key
0 -rw-r--r--. 1 root root 0 Dec 31 1969 ssh_host_rsa_key.pub
I stopped sshd, deleted the key files, restarted sshd and now:
# ls /etc/ssh/ -ls
total 272
240 -rw-r--r--. 1 root root 242153 Jul 18 19:50 moduli
8 -rw-------. 1 root root 4400 Aug 15 14:45 sshd_config
4 -rw-r-----. 1 root ssh_keys 227 Aug 15 14:53 ssh_host_ecdsa_key
4 -rw-r--r--. 1 root root 162 Aug 15 14:53 ssh_host_ecdsa_key.pub
4 -rw-r-----. 1 root ssh_keys 387 Aug 15 14:53 ssh_host_ed25519_key
4 -rw-r--r--. 1 root root 82 Aug 15 14:53
ssh_host_ed25519_key.pub
4 -rw-r-----. 1 root ssh_keys 1675 Aug 15 14:53 ssh_host_rsa_key
4 -rw-r--r--. 1 root root 382 Aug 15 14:53 ssh_host_rsa_key.pub
And I can connect.
So this is a problem with ssh that it will not properly make the keys
when the system date is that old.
related, I move the sshd port, and update SELinux policy with:
semanage port -a -t ssh_port_t -p tcp 1234
and got the following messages:
[ 1828.788735] SELinux: Permission audit_read in class capability2 not
defined in policy.
[ 1828.796870] SELinux: the above unknown classes and permissions will
be allowed
[ 1829.450779] SELinux: Context
system_u:system_r:vbetool_t:s0-s0:c0.c1023 became invalid (unmapped).
[ 1831.528160] SELinux: Context
system_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).
[ 1832.890157] SELinux: Context
unconfined_u:system_r:vbetool_t:s0-s0:c0.c1023 became invalid (unmapped).
[ 1834.966398] SELinux: Context
unconfined_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid
(unmapped).
But it seems to have worked. That is SSH can be reached at the changed
port. And yes, I also did the firewall-cmd for the new port number.
More information about the arm
mailing list