Score:0

Redhat Linux 8.5: Upgrading to OpenSSH 9.2 sees '/bin/bash: Permission denied' with root login


After successfully building and installing OpenSSH from source with `make install`, following detailed instructions from an online community post (version checked OK), I only see `/bin/bash: Permission denied` at root login.

`pam_unix(sshd:session): session closed for user root` is the sole line logged in `/var/log/secure` for the login event.

But the root user can log in successfully after using `setenforce 0`. I have no clue what's wrong here with the upgrade.

I guess it's related to the `/etc/pam.d/sshd` configuration; here's the content of this file.

```
#%PAM-1.0
auth       substack     password-auth
auth       include      postlogin
account    required     pam_sepermit.so
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    optional     pam_motd.so
session    include      password-auth
session    include      postlogin
```

HBruijn
Generally, when selecting an enterprise / long-term support Linux distribution such as Red Hat Enterprise Linux, compiling from source and installing your own versions rather than using the native, tested and supported packages is the wrong thing to do IMHO. - Second, RHEL typically comes with enterprise support, but that won't help when doing things like this. - Last: I wouldn't be surprised that your custom sshd isn't running with the correct SELinux security context. When you check, for instance with the `-Z` option in `ps`, is your custom sshd running with the `sshd_t` SELinux type?
Xiaoyu Zou
`ps -eZ | grep sshd_t` shows no occurrence. Does it mean sshd is not running in an SELinuxed security context, and that's why I have to `setenforce 0` for login? So should I use `semanage permissive -a sshd_t` to enable it?
HBruijn
I have no idea on what you actually need to do to make a custom sshd run properly with SELinux, but now you've identified the likely root cause of your problems, you're halfway there already, right?
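
The check discussed in the comments above (does sshd run with the `sshd_t` SELinux type?), as an added shell example that is not part of the original thread. The function names and the sample `ps -eZ` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the SELinux type of every sshd process.
# Input format is that of `ps -eZ`: LABEL PID TTY TIME CMD

check_sshd_domain() {
    # Reads `ps -eZ` output on stdin and prints one line per sshd process.
    # Returns 0 only if at least one sshd exists and all of them are sshd_t.
    awk '
        $NF == "sshd" {
            # Context layout: user:role:type:level[:categories]
            split($1, ctx, ":")
            found = 1
            if (ctx[3] == "sshd_t") {
                printf "OK   pid=%s type=%s\n", $2, ctx[3]
            } else {
                printf "BAD  pid=%s type=%s (expected sshd_t)\n", $2, ctx[3]
                bad = 1
            }
        }
        END { exit ((found && !bad) ? 0 : 1) }
    '
}

# Constructed sample: sshd confined as expected.
sample_good() {
cat <<'EOF'
LABEL                               PID TTY          TIME CMD
system_u:system_r:init_t:s0           1 ?        00:00:02 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1042 ? 00:00:00 sshd
EOF
}

# Constructed sample: sshd running under a different type.
sample_bad() {
cat <<'EOF'
LABEL                               PID TTY          TIME CMD
system_u:system_r:init_t:s0           1 ?        00:00:02 systemd
system_u:system_r:unconfined_service_t:s0 1042 ? 00:00:00 sshd
EOF
}

# Demonstration on the constructed samples.
sample_good | check_sshd_domain || true
sample_bad  | check_sshd_domain || true
```

On a live host, run `ps -eZ | check_sshd_domain` to apply the same check to the real process list.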