Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Dale Dellutri
May 1, 2012, 7:18 pm
rate this thread
extsshd. extsshd has its own config and key files so that
I can maintain a separate policy for connections from the
external world. sshd does connections from inside the lan.
This kind of setup has worked on previous servers very well.
Part of the setup requires creating a symbolic link to the original
# ls -lZ /usr/sbin/*ssh*
lrwxrwxrwx. root root system_u:object_r:sshd_exec_t:s0 /usr/sbin/extsshd ->
-rwxr-xr-x. root root system_u:object_r:sshd_exec_t:s0 /usr/sbin/sshd
I use a symbolic link instead of copying the binary so that
when ssh is updated, I don't have to re-copy the program.
However, I'm now getting this in the /var/log/secure:
error: rexec of /usr/sbin/extsshd failed: Permission denied
Why is ssh trying to rexec the executable?
Why should it get "Permission denied" given that it's just a link?
Where can I look to try to trace down the cause of this error?
I do NOT get this error if I remove the symbolic link and
simply copy the executable:
# cd /usr/sbin
# cp -iva sshd extsshd
But then I'd have to remember to re-copy the executable each
time an update to ssh occurs.
Re: error: rexec of /usr/sbin/extsshd failed: Permission denied
This is from my web site info
http://www.DaleDellutri.com -> Programming
"I've been asked why I needed to make a new init file and a new soft
link to the executable. There are three reasons. First, some of the
subroutines in the init script depend on the executable name being the
same as the service name. Second, when I do a "ps" or something else
that shows statistics by process, I'd be able to tell which ssh daemon
is which. Third, having a new name gives a consistent naming scheme to
all components of the new (RedHat-style) service."
By the way, I'm still getting the error message, but it doesn't seem
to make any difference. It works even with the error message.
- » Re: Forcing public key and password in OpenSSH - a solution
- — Previous thread in » Secure Shell Forum
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum