(2022-01-18)
Problem
$ ssh there
Warning: Permanently added 'there,10.240.0.10' (ECDSA) to the list of known hosts.
user@there: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Details
SELinux is preventing sshd from reading ~user/.ssh/authorized_keys. To confirm, look in /var/log/audit; there will be a denial something like:
type=AVC msg=audit(1642518164.563:299): avc: denied { read } for pid=5129 comm="sshd" name="authorized_keys" dev="sda2" ino=184549634 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
Another confirmation: if you run setenforce 0, the login suddenly works.
The problem is that the home directory probably wasn't created in a way that applied the SELinux contexts to it; the denial above shows the file labelled default_t. In our case, the home directory is under a non-standard home root (i.e. /home2/user).
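To pick this kind of denial out of a busy audit log, the following added example (not part of the original note) filters sshd denials on authorized_keys and reports the label the file carried. The function name sshd_key_denials and the OK_TYPES list are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original note): summarise sshd denials on
# authorized_keys. Reads audit records on stdin and prints one line per hit:
#   <permissions> authorized_keys <target type> <verdict>

# Types accepted for the key file (assumption, adjust to your policy):
# user_home_t is what the fix in this note applies; ssh_home_t is the
# targeted policy's usual label for ~/.ssh content.
OK_TYPES="user_home_t ssh_home_t"

sshd_key_denials() {
    awk -v ok="$OK_TYPES" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) good[a[i]] = 1 }
        /type=AVC/ && /avc: +denied/ && /comm="sshd"/ && /name="authorized_keys"/ {
            perm = ""; ttype = ""
            # Denied permissions sit between the braces: denied { read }
            if (match($0, /[{][^}]*[}]/)) {
                perm = substr($0, RSTART + 1, RLENGTH - 2)
                gsub(/^ +| +$/, "", perm)
                gsub(/ +/, ",", perm)
            }
            # tcontext=user:role:type:level, so the type is field 3
            if (match($0, /tcontext=[^ ]+/)) {
                split(substr($0, RSTART + 9, RLENGTH - 9), c, ":")
                ttype = c[3]
            }
            # label-ok on a denial means the cause lies elsewhere
            verdict = (ttype in good) ? "label-ok" : "mislabelled"
            print perm, "authorized_keys", ttype, verdict
        }'
}

# The denial quoted above, used as sample input.
SAMPLE='type=AVC msg=audit(1642518164.563:299): avc: denied { read } for pid=5129 comm="sshd" name="authorized_keys" dev="sda2" ino=184549634 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0'

printf '%s\n' "$SAMPLE" | sshd_key_denials
# On a live host: sshd_key_denials < /var/log/audit/audit.log
```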
Solution
To fix:
# restorecon -R -v /home2
# chcon -R unconfined_u:object_r:user_home_t:s0 /home2