For When You Can't Have The Real Thing
[ start | index | login ]
start > RockyLinux > 8 > SSH Key Exchange Login Fails

SSH Key Exchange Login Fails

Created by dave. Last edited by dave, 120 days ago. Viewed 92 times. #1
[edit] [rdf]


$ ssh there
Warning: Permanently added 'there,' (ECDSA) to the list of known hosts.
user@there: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).


SELinux is preventing access to ~user/.ssh/authorized_keys. Confirm in /var/log/audit, there will be something like

type=AVC msg=audit(1642518164.563:299): avc:  denied  { read } for  pid=5129 comm="sshd" name="authorized_keys" dev="sda2" ino=184549634 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0

There's also the confirmation that if you do a setenforce 0 it suddenly works.

Problem is that the home directory probably wasn't created in a way that put the SELinux contexts on it. In our case, it is a non-standard home root (ie: /home2/user).


To fix:

# restorecon -R -v /home2
# chcon -R unconfined_u:object_r:user_home_t:s0 /home2
no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful: | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt