pages/yubikey: remove note on setting secontext

The access to the ~/.yubico directory is done using the PAM module, not
sshd directly. PAM sets the context of that directory to auth_home_t
which PAM is allowed to access. No need to set the context to
ssh_home_t.

Apart from that, using chcon is a volatile operation and not intended for
persistent changes, which was the intent of the note though. The label
would be reset in a system recovery scenario.
w4tsn 2023-02-17 20:14:38 +01:00
parent 93f06ff422
commit 4274f89f00
No known key found for this signature in database

@ -82,11 +82,6 @@ If you have SELinux on the enforcing mode (the default mode), you should flip on
[source, bash] [source, bash]
[…]$ sudo setsebool -P allow_ypbind=1 […]$ sudo setsebool -P allow_ypbind=1
Also, in order to allow sshd to access /root/.yubico/authorized_yubikeys, you should change its context:
[source, bash]
[…]$ chcon -R system_u:object_r:ssh_home_t:s0 /root/.yubico
==== ====
For challenge-response use the following: For challenge-response use the following:
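Review bot: the removed `chcon -R system_u:object_r:ssh_home_t:s0 /root/.yubico` step, directly after the `setsebool` line, is dropped without a replacement, so readers who already followed it keep a directory labelled `ssh_home_t` and get no guidance. Consider putting one sentence in its place saying that no manual relabel is needed because the PAM module, not sshd, reads `~/.yubico`, and that `sudo restorecon -Rv /root/.yubico` resets the directory to the label the loaded policy assigns. That also documents the reasoning from the commit message in the page itself, where someone debugging an AVC denial will look for it.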