SSH Key-Based Authentication on RHEL6

Submitted by John on Wed, 2011-02-09 10:28

You've set up your new Red Hat Enterprise Linux 6 box and you can ssh in using passwords with no problem.

But now you want to stop using passwords and start using keys. So you install your keys:

scp .ssh/id_dsa.pub me@example.com:.ssh/authorized_keys

But the system keeps prompting you for a password! The keys don't seem to work at all.

That might be because SELinux is preventing it because the proper attributes are not on the authorized_keys file. Or possibly you have permissions wrong on your .ssh directory. The solution:

cd /home/me
chmod go-rwx .ssh
restorecon -R -v /path/to/.ssh

Restorecon will respond with

restorecon reset /home/me/.ssh context unconfined_u:object_r:user_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /home/me/.ssh/authorized_keys context unconfined_u:object_r:user_home_t:s0->unconfined_u:object_r:ssh_home_t:s0

It's always SELinux, isn't it?

Reference: RHEL6 SSH key

Topic: 
RHEL6

Comments

Submitted by Jonathan (not verified) on Tue, 2012-07-10 11:38.

But of course, this doesn't help if your home dir is in an abnormal location.

I hate SELinux. Gah!

Submitted by James (not verified) on Sat, 2012-11-17 20:20.

Thanks so much for this. The peculiarities of SELinux strike me again.

Submitted by inode0 (not verified) on Tue, 2013-04-30 09:57.

ssh-copy-id rather than scp does the right thing here.

Submitted by John Fulton (not verified) on Sun, 2013-05-26 15:57.

chcon -t ssh_home_t .ssh/
chcon -t ssh_home_t .ssh/authorized_keys