Free root access on a SE Linux machine!
To access my Debian play machine ssh to play.coker.com.au
as root, the password is "SELINUX".
I give no-one permission to distribute this password. If you want to share information on this machine you must give the URL to this web site. In some jurisdictions it would be considered a crime to distribute the password without my permission (IE without giving the URL to this web page).
To access the play machine as a Tor hidden service "ssh firstname.lastname@example.org".
Note that such machines require a lot of skill if you are to run them successfully. If you have to ask whether you should run one then the answer is "no".
The aim of this is to demonstrate that all necessary security can be provided by SE Linux without any Unix permissions (however it is still recommended that you use Unix permissions as well for real servers). Also it gives you a chance to login to a SE machine and see what it's like.
When you login to a SE Linux play machine make sure that you use the -x
option to disable X11 forwarding or set ForwardX11 no in your
/etc/ssh/ssh_config file before you login. Also make sure that you use the
-a option to disable ssh agent forwarding or set ForwardAgent no
in your /etc/ssh/ssh_config file before you login.
If you don't correctly disable these settings then logging in to the play machine will put you at risk of being attacked through your SSH client.
There is an IRC channel for discussing this, it is #selinux on irc.freenode.net.
Here is a quick FAQ