search

danfruehauf / NetworkManager-ssh

SSH VPN integration for NetworkManager
Other
253 stars 40 forks source link

Fedora 30 cannot connect #96

Open audetto opened 4 years ago

audetto commented 4 years ago

Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8347] audit: op="connection-activate" uuid="7fb70da3-8aab-49fd-8432-f5bebe36459b" name="VPN 1" pid=9846 uid=1000 result="success" Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8412] vpn-connection[0x5621d4eac4d0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: Started the VPN service, PID 10582 Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8503] vpn-connection[0x5621d4eac4d0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: Saw the service appear; activating connection Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8541] vpn-connection[0x5621d4eac4d0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received Oct 11 20:23:38 localhost.localdomain audit[10587]: AVC avc: denied { execute } for pid=10587 comm="sh" name="ifconfig" dev="dm-0" ino=2637124 scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0 Oct 11 20:23:38 localhost.localdomain audit[10587]: AVC avc: denied { getattr } for pid=10587 comm="sh" path="/usr/sbin/ifconfig" dev="dm-0" ino=2637124 scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0 Oct 11 20:23:38 localhost.localdomain audit[10587]: AVC avc: denied { getattr } for pid=10587 comm="sh" path="/usr/sbin/ifconfig" dev="dm-0" ino=2637124 scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file permissive=0 Oct 11 20:23:38 localhost.localdomain audit[10588]: AVC avc: denied { execute_no_trans } for pid=10588 comm="nm-ssh-service" path="/usr/bin/ssh" dev="dm-0" ino=2629201 scontext=system_u:system_r:NetworkManager_ssh_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file permissive=0 Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8583] vpn-connection[0x5621d4eac4d0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: VPN connection: failed to connect: 'Failed to spawn child process “/usr/bin/ssh” (Permission denied)' Oct 11 20:23:38 localhost.localdomain NetworkManager[1184]: [1570821818.8599] vpn-connection[0x5621d4eac4d0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: VPN plugin: state changed: stopped (6)

audetto commented 4 years ago

I can ssh as root into the remote I am using "Key Authentication". If I set "SSH Agent" I get a different error:

Oct 11 20:25:20 localhost.localdomain NetworkManager[1184]: [1570821920.6207] vpn-connection[0x5621d4eac2c0,7fb70da3-8aab-49fd-8432-f5bebe36459b,"VPN 1",0]: final secrets request failed to provide sufficient secrets It seems that I have selinux error around /usr/bin/ssh.

The remote is running CentOS 7.

audetto commented 4 years ago

After disabling selinux to permissive (locally), it works.

audetto commented 4 years ago

Here is F30 bugreport

https://bugzilla.redhat.com/show_bug.cgi?id=1761071

As a side question: is it possible to see all the command issued? There is a good example in the homepage, but I don't think it is complete.

nekohayo commented 9 months ago

According to the downstream report linked above, it seems to have been fixed, so this ticket should be closed?