Tuesday, March 31, 2015

SELinux blocked access via SSH authorized_keys


How to fix the SELinux context?

 

To fix login for users whose home directory is under /home:

semanage fcontext -at home_root_t /home
semanage fcontext -at user_home_dir_t /home/user
semanage fcontext -at ssh_home_t /home/user/.ssh
semanage fcontext -at ssh_home_t /home/user/.ssh/authorized_keys
restorecon -Rv /home


For users whose home is in a directory other than /home, for example /data/home.
The first line is needed because /data is a separate file system (without it, it still did not work):

semanage fcontext -at root_t /data
semanage fcontext -at home_root_t /data/home
semanage fcontext -at user_home_dir_t /data/home/rarus
semanage fcontext -at ssh_home_t /data/home/rarus/.ssh
semanage fcontext -at ssh_home_t /data/home/rarus/.ssh/authorized_keys
# restorecon -Rv /data/home does not visit /data itself, so apply its label separately
restorecon -v /data
restorecon -Rv /data/home
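
To confirm the labels after restorecon, the following added example (not part of the original post) checks "context path" lines against the types the commands above assign. The function names and the sample lines, including the user newuser, are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): compare SELinux types on the
# path to authorized_keys with the types assigned by the commands above.
# Input lines are "<context> <path>", as printed by: stat -c '%C %n' PATH...

# Print the expected type of PATH for home base BASE (nothing if no rule).
expected_type() {
    et_base=$1 et_path=$2
    if [ "$et_path" = "$(dirname "$et_base")" ]; then
        echo root_t; return 0        # directory above the base, e.g. /data
    elif [ "$et_path" = "$et_base" ]; then
        echo home_root_t; return 0
    fi
    et_rel=${et_path#"$et_base"/}
    [ "$et_rel" != "$et_path" ] || return 0   # not under the home base
    et_user=${et_rel%%/*}
    case "${et_rel#"$et_user"}" in
        "")                          echo user_home_dir_t ;;
        /.ssh|/.ssh/authorized_keys) echo ssh_home_t ;;
    esac
}

# Read "<context> <path>" lines on stdin, report each wrong label, and
# return 1 if any label differs from the expected type, else 0.
audit_contexts() {
    ac_base=$1 ac_bad=0
    while read -r ac_ctx ac_path; do
        ac_want=$(expected_type "$ac_base" "$ac_path")
        [ -n "$ac_want" ] || continue
        ac_have=$(printf '%s\n' "$ac_ctx" | cut -d: -f3)
        if [ "$ac_have" != "$ac_want" ]; then
            echo "MISMATCH $ac_path have=$ac_have want=$ac_want"
            ac_bad=1
        fi
    done
    return "$ac_bad"
}

# Constructed sample: rarus carries the expected labels, newuser does not.
SAMPLE='system_u:object_r:root_t:s0 /data
system_u:object_r:home_root_t:s0 /data/home
unconfined_u:object_r:user_home_dir_t:s0 /data/home/rarus
unconfined_u:object_r:ssh_home_t:s0 /data/home/rarus/.ssh
unconfined_u:object_r:ssh_home_t:s0 /data/home/rarus/.ssh/authorized_keys
unconfined_u:object_r:home_root_t:s0 /data/home/newuser
unconfined_u:object_r:home_root_t:s0 /data/home/newuser/.ssh
unconfined_u:object_r:home_root_t:s0 /data/home/newuser/.ssh/authorized_keys'

printf '%s\n' "$SAMPLE" | audit_contexts /data/home || echo "relabel needed"
```

On a live host the input can come from stat -c '%C %n' run over the same five kinds of path.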


1 comment:

  1. Hi, This is a temp fix at best because this only addresses users that already exist. Users that were granted host access via LDAP policies have their directories created upon login, which will lack the contexts, thus being locked out.

    Your workaround is practical for a few static users, but not hundreds of accounts whose access rights vary weekly.
