If you're like me and want to use autossh, you'll ideally want to use ~sshd/.ssh/authorized_keys. This doesn't work out of the box on CentOS 7 at least. SELinux prevents sshd from reading its own authorized_keys. The following fixes it.
semanage fcontext --add -t ssh_home_t '/var/empty/sshd/.ssh(/.*)?'
restorecon -vFR /var/empty/sshd/.ssh/
Example error message:
setroubleshoot[58151]: SELinux is preventing /usr/sbin/sshd from read access on the file authorized_keys. For complete SELinux messages run: sealert -l 5a9832e8-d7c0-4e5d-af15-a977db1232e9 SELinux is preventing /usr/sbin/sshd from read access on the file authorized_keys.#012#012***** Plugin catchall_labels (83.8 confidence) suggests *******************#012#012If you want to allow sshd to have read access on the authorized_keys file#012Then you need to change the label on authorized_keys#012Do#012# semanage fcontext -a -t FILE_TYPE 'authorized_keys'#012where FILE_TYPE is one of the following: [huge list goes here]
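The #012 sequences in the message above are newlines that rsyslog escaped as '#' plus an octal code. The script below is an added example, not part of the original post: it decodes those escapes and extracts the denied process, access, target, first suggested plugin and sealert ID from such lines. The function names are made up for illustration, and the second sample line is constructed.

```shell
#!/bin/sh
# Added example: summarise setroubleshoot denials from syslog lines on stdin.

# rsyslog writes control characters as '#' plus three octal digits, so a
# newline shows up as #012 and a tab as #011. Restore the real characters.
decode_escapes() {
    awk '{ gsub(/#012/, "\n"); gsub(/#011/, "\t"); print }'
}

# Print one key=value summary line per setroubleshoot denial.
summarise_denials() {
    grep 'setroubleshoot.*SELinux is preventing' | while IFS= read -r line; do
        # Who was denied what, on which object class and file name.
        denial=$(printf '%s\n' "$line" | sed -nE \
            's/.*SELinux is preventing ([^ ]+) from (.+) access on the ([^ ]+) ([^ ]+)\. For complete.*/proc=\1 access=\2 class=\3 target=\4/p')
        # ID to pass to "sealert -l" for the full report.
        id=$(printf '%s\n' "$line" | sed -nE 's/.*sealert -l ([0-9a-f-]+).*/\1/p')
        # First plugin banner once the escaped newlines are restored.
        plugin=$(printf '%s\n' "$line" | decode_escapes | sed -nE \
            's/^\*+ +Plugin ([A-Za-z_]+) +\(([0-9.]+) confidence\).*/\1:\2/p' | head -n 1)
        if [ -n "$denial" ]; then
            printf '%s plugin=%s sealert_id=%s\n' \
                "$denial" "${plugin:-none}" "${id:-none}"
        fi
    done
}

# Sample input: the first line is the message quoted in the post, the second
# is a constructed, unrelated sshd line that the filter should skip.
sample_log() {
    cat <<'EOF'
setroubleshoot[58151]: SELinux is preventing /usr/sbin/sshd from read access on the file authorized_keys. For complete SELinux messages run: sealert -l 5a9832e8-d7c0-4e5d-af15-a977db1232e9 SELinux is preventing /usr/sbin/sshd from read access on the file authorized_keys.#012#012***** Plugin catchall_labels (83.8 confidence) suggests *******************#012#012If you want to allow sshd to have read access on the authorized_keys file#012Then you need to change the label on authorized_keys#012Do#012# semanage fcontext -a -t FILE_TYPE 'authorized_keys'#012where FILE_TYPE is one of the following: [huge list goes here]
sshd[58150]: Connection closed by 192.0.2.10 port 51514 [preauth]
EOF
}

sample_log | summarise_denials
```

On a live system the same function can be fed the syslog file instead of the sample, for example `summarise_denials < /var/log/messages`.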