I have a separate instance of sshd running which I've renamed
extsshd. extsshd has its own config and key files so that
I can maintain a separate policy for connections from the
external world. sshd does connections from inside the LAN.
This kind of setup has worked on previous servers very well.
Part of the setup requires creating a symbolic link to the original
sshd program:

    # ls -lZ /usr/sbin/*ssh*
    lrwxrwxrwx. root root system_u:object_r:sshd_exec_t:s0 /usr/sbin/extsshd -> sshd
    -rwxr-xr-x. root root system_u:object_r:sshd_exec_t:s0 /usr/sbin/sshd

I use a symbolic link instead of copying the binary so that
when ssh is updated, I don't have to re-copy the program.
However, I'm now getting this in /var/log/secure:

    error: rexec of /usr/sbin/extsshd failed: Permission denied

Why is ssh trying to rexec the executable?
Why should it get "Permission denied" given that it's just a link?
Where can I look to try to trace down the cause of this error?
I do NOT get this error if I remove the symbolic link and
simply copy the executable:

    # cd /usr/sbin
    # cp -iva sshd extsshd

But then I'd have to remember to re-copy the executable each
time an update to ssh occurs.
--
Dale Dellutri <ddelQQQl...@panQQQix.com> (lose the Q's)