Description
When trying to login with ssh to a linux system with selinux enabled, they key is denied although it is listed on /root/.ssh/authorized_keysIn addition to that, the following line is added to /var/log/audit/audit.log:
type=AVC msg=audit(1352486160.413:52975): avc: denied { read } for pid=6059 comm="sshd" name="authorized_keys" dev=dm-0 ino=1966127 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
Solution
Use the following command to fix the authorized_key's selinux permissions:restorecon -v /root/.ssh/authorized_keys
As a side note, also make sure the user and group permissions are current and that the authorized_keys file and .ssh directory only has read/write access to its owner.
If it isn't, you can make it as such:
chown -R root:root /root/.ssh
chmod 700 /root/.ssh && chmod 600 /root/.ssh/authorized_keys
Or for a normal (non-root) user:
chown -R user:user /home/user/.ssh
chmod 700 /home/user/.ssh && chmod 600 /home/user/.ssh/authorized_keys
Affected software:
Linux 2.6.xSELinux