Skip to main content

SElinux SSH Pubkey Bug

(14 February 2013)

Problem

CentOS 6 is not accepting pubkey login attempts.

Solution

SElinux has a bug which rejects the credentials when it is set to Enforcing mode.

To fix, either

  • disable SElinux; or
  • apply the correct SElinux context as follows:
    [root@node01 ~]# ssh root@node02 'restorecon -R -v /root/.ssh'
    restorecon reset /root/.ssh context system_u:object_r:ssh_home_t:s0->system_u:object_r:home_ssh_t:s0
    restorecon reset /root/.ssh/authorized_keys context unconfined_u:object_r:ssh_home_t:s0->system_u:object_r:home_ssh_t:s0

(Source)