Linux 6.1 public key authentication issue

Post date: Nov 27, 2013 9:17:27 PM

The distro is Scientific Linux 6.1 and everything is set up to perform authentication via public key. Yet, when sshd is running as a daemon (service sshd start), it doesn't accept public keys. (To obtain this piece of log, I've changed the sshd script to add the -ddd option)

debug1: trying public key file /root/.ssh/authorized_keys

debug1: restore_uid: 0/0

debug1: temporarily_use_uid: 0/0 (e=0/0)

debug1: trying public key file /root/.ssh/authorized_keys2

debug1: restore_uid: 0/0

Failed publickey for root from xxx.xxx.xxx.xxx port xxxxx ssh2

debug3: mm_answer_keyallowed: key 0x7f266e1a8840 is not allowed

debug3: mm_request_send entering: type 22

debug3: mm_request_receive entering

debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa

debug3: Wrote 64 bytes for a total of 1853

debug1: userauth-request for user root service ssh-connection method publickey

debug1: attempt 2 failures 1

If sshd is run in debug mode (/usr/sbin/sshd -ddd), authentication works like a charm:

debug1: trying public key file /root/.ssh/authorized_keys

debug1: fd 4 clearing O_NONBLOCK

debug1: matching key found: file /root/.ssh/authorized_keys, line 1

Found matching RSA key: d7:3a:08:39:f7:28:dc:ea:f3:71:7c:23:92:02:02:d8

debug1: restore_uid: 0/0

debug3: mm_answer_keyallowed: key 0x7f85527ef230 is allowed

debug3: mm_request_send entering: type 22

debug3: mm_request_receive entering

debug3: Wrote 320 bytes for a total of 2109

debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa

Postponed publickey for root from xxx.xxx.xxx.xxx port xxxxx ssh2

debug1: userauth-request for user root service ssh-connection method publickey

debug1: attempt 2 failures 0

Any ideas?? Has anyone seen anything like this?

To resolve this

Yes, SELinux is likely the cause. 

The .ssh dir is probably mislabeled. Look at/var/log/audit/audit.log. It should be labeled ssh_home_t. Check with ls -laZ. Runrestorecon -r -vv /root/.ssh if need be.

[root@sachi ~]# restorecon -r -vv /home/user/.ssh