CentOS is ignoring my public key
I am trying to connect to my own CentOS server using SSH; I am able to connect fine with a password; I am trying to connect with my public key, but the server does not attempt public key authentication. I have followed all instructions on this page in the CentOS wiki, and verified the following things:
I am running CentOS 6.0 or later
-
My sshd_config has the following:
PermitRootLogin no PubkeyAuthentication Yes RSAAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
I have created a private key in the .ssh/ folder in my home directory on the client
- The full text of the public key (generated by
ssh-keygen
) takes up a single line in the .ssh/authorized_keys file in my home directory on the server. -
I have the following permission modes set on both client and server:
chmod 700 .ssh chmod 600 .ssh/*
Solution 1:
According this issue report on the CentOS web site, this is caused by an upstream "feature" in SELinux; if SELinux is enforcing, it will prevent the server from using pubkey authentication. There is no indication that this behavior will change in the near future. To see if this problem applies to you, type sestatus
and see if it reports "Current mode" as enforcing
.
I know of two workarounds.
- You can set SELinux to permissive mode. Type
setenforce 0
to change the policy immediately, and then open/etc/selinux/config
and make sureSELINUX=permissive
. -
Restore the file to the correct security context:
restorecon -R -v ~$USER/.ssh