SELinux blocked access via SSH authorized_keys

How to fix the SELinux context?

To fix login for users with home in /home:

semanage fcontext -at home_root_t /home
semanage fcontext -at user_home_dir_t /home/user
semanage fcontext -at ssh_home_t /home/user/.ssh
semanage fcontext -at ssh_home_t /home/user/.ssh/authorized_keys
restorecon -Rv /home


For users whose home is in a directory other than /home, for example /data/home.
The first line is needed because /data is a separate file system (without it, login still did not work):

semanage fcontext -at root_t /data
semanage fcontext -at home_root_t /data/home
semanage fcontext -at user_home_dir_t /data/home/rarus
semanage fcontext -at ssh_home_t /data/home/rarus/.ssh
semanage fcontext -at ssh_home_t /data/home/rarus/.ssh/authorized_keys
restorecon -Rv /data/home
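
The per-user lines above can be written once as patterns, because fcontext specs are regular expressions; the rules then match any user directory under the base whenever restorecon is run on it. This is an added example, not the author's commands: the function names are hypothetical, and the script only prints the commands for review.

```shell
#!/bin/sh
# Added example, not from the original post. It only prints commands for review.
# Assumptions: the function names, and pattern specs in place of per-user lines.

# Print one fcontext rule: type, escaped base path, regex suffix.
rule() { printf "semanage fcontext -a -t %s '%s%s'\n" "$1" "$2" "$3"; }

# Reject relative paths, trailing slashes (such a spec does not match the
# directory itself) and characters that would need shell or regex quoting.
valid_path() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        */ | *[!A-Za-z0-9_./-]*) return 1 ;;
    esac
    return 0
}

# Escape dots so the literal path is safe inside a regex spec.
esc() { printf '%s\n' "$1" | sed 's/\./\\./g'; }

# usage: home_fcontext_cmds HOME_BASE [MOUNT_POINT]
home_fcontext_cmds() {
    base=$1 mnt=${2:-}
    valid_path "$base" || { echo "error: bad home base: $base" >&2; return 1; }
    if [ -n "$mnt" ]; then
        valid_path "$mnt" || { echo "error: bad mount point: $mnt" >&2; return 1; }
        rule root_t "$(esc "$mnt")" ''
    fi
    re=$(esc "$base")
    rule home_root_t "$re" ''
    rule user_home_dir_t "$re" '/[^/]+'           # every user directory
    rule ssh_home_t "$re" '/[^/]+/\.ssh(/.*)?'    # .ssh and everything in it
    if [ -n "$mnt" ]; then printf "restorecon -v '%s'\n" "$mnt"; fi
    printf "restorecon -Rv '%s'\n" "$base"
}

# Print the commands when called with arguments, e.g.: sh script.sh /data/home /data
if [ "$#" -gt 0 ]; then home_fcontext_cmds "$@"; fi
```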


Comments

  1. Hi, This is a temp fix at best because this only addresses users that already exist. Users that were granted host access via LDAP policies have their directories created upon login, which will lack the contexts, thus being locked out.

    Your workaround is practical for a few static users, but not hundreds of accounts whose access rights vary weekly.
