Unable to login with AD user via ssh with AVC denials in audit.log

Solution Verified - Updated -

Issue

  • Unable to login with AD user via ssh, following errors are seen:
mar 07 17:06:31 test-server sshd[110235]: Invalid user testuser123 from 10.26.204.81 port 63511
mar 07 17:06:31 test-server sshd[110235]: input_userauth_request: invalid user testuser123 [preauth]
mar 07 17:06:34 test-server sshd[110235]: Failed password for invalid user testuser123 from 10.26.204.81 port 63511 ssh2

  • Unable to login as AD user, changing SELinux into permissive resolves the issue and user can login successfully.

  • /var/log/audit/audit.log shows following AVC errors during failed login:

type=AVC msg=audit(1520440151.942:52093): avc:  denied  { read } for  pid=155141 comm="sshd" name="hosts" dev="dm-0" ino=2144306 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:svirt_sandbox_file_t:s0 tclass=file

Environment

  • Red Hat Enterprise Linux(RHEL) 7.x
  • SELinux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content