starting sshd: /etc/ssh/sshd_config: permission denied

I am running a CentOS machine in the Amazon cloud. Suddenly, I can't ssh into it. Fortunately, there is RStudio running, which includes the ability to run a Bash shell. So, I see in /var/log/boot.log that sshd failed to start.

When I run sudo service sshd start from the command line, I get the error "Starting sshd: /etc/ssh/sshd_config: Permission denied". I tried setting the sshd_config permissions to either 644 or 600, but I get the same error. I also tried sudo su - and then starting the service.

And it is not the limitation of the shell itself: I can start httpd without any problems.

I don't even know what else to try...


Solution 1:

I was faced with the same issue, and thanks to Felix's answer, I could confirm that it was also an SELinux error:

# grep "sshd_config" /var/log/audit/audit.log
...
type=AVC msg=audit(1585907328.579:143): avc:  denied  { read } for  pid=1207 comm="sshd" name="sshd_config" dev="dm-0" ino=443439 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
...

I was then able to solve the error by restoring the default contexts:

# restorecon /etc/ssh/sshd_config

That way SELinux didn't need to be disabled.
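
The check from Solution 1 can be automated. The following is an added example, not part of either answer: it parses AVC denial records from audit.log and reports the ones whose target file has lost its SELinux label, which are the cases restorecon fixes. The function names, the set of "lost label" types, and the second and third sample lines are assumptions made for illustration.

```python
import re

# Target types that mean the file carries no usable label (assumption: these two
# are treated as restorecon candidates; extend the set for your policy).
MISLABEL_TYPES = {"unlabeled_t", "file_t"}
AVC_RE = re.compile(r"type=AVC\b.*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of user:role:type:level (the level may contain ':')."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""


def parse_avc(line):
    """Parse one audit.log line; return a dict for an AVC denial, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    return {
        "perms": m.group("perms").split(),
        "comm": f.get("comm", ""),
        # AVC records carry either path= or only name= (basename, no directory).
        "target": f.get("path") or f.get("name", ""),
        "tclass": f.get("tclass", ""),
        "source_type": selinux_type(f.get("scontext", "")),
        "target_type": selinux_type(f.get("tcontext", "")),
    }


def mislabeled_denials(lines):
    """Return the denials whose target has lost its label."""
    recs = (parse_avc(line) for line in lines)
    return [r for r in recs if r and r["target_type"] in MISLABEL_TYPES]


# First line is the denial quoted in Solution 1; the other two are constructed for contrast.
SAMPLE = [
    'type=AVC msg=audit(1585907328.579:143): avc:  denied  { read } for  pid=1207 comm="sshd" name="sshd_config" dev="dm-0" ino=443439 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file',
    'type=AVC msg=audit(1585907400.100:150): avc:  denied  { getattr } for  pid=1300 comm="httpd" path="/home/user/index.html" dev="dm-0" ino=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=USER_LOGIN msg=audit(1585907410.200:151): pid=1400 uid=0 msg=\'op=login res=success\'',
]

if __name__ == "__main__":
    for r in mislabeled_denials(SAMPLE):
        print(f'{r["comm"]} ({r["source_type"]}) denied {r["perms"]} on {r["target"]}: '
              f'label is {r["target_type"]}; check with ls -Z and run restorecon on the full path')
```

Only the sshd_config denial is reported; the httpd denial targets a file that still has a valid label (user_home_t), so it is a policy question rather than a lost label.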

Solution 2:

This is what happened... There was a problem with the image (specifics here: https://bugzilla.redhat.com/show_bug.cgi?id=956531). So, as part of troubleshooting, I mounted the EBS drive on a different machine and "cleaned" sshd_config. That caused SELinux to deny access to this file, and the error message was caused by SELinux, not by file permissions. Once I disabled SELinux, sshd came up fine.

World is saved :)