Permission denied when a newly created user connects over SSH
The Problem
We get "Permission denied" when trying to SSH to the system as a newly created user:
$ ssh user1@[ip address]
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
The Solution
On systems running SELinux in enforcing mode, all processes and files are labeled in a way that represents security-relevant information. This information is called the SELinux context.
# getenforce
Enforcing
The wrong SELinux context was used for the new home directory: the .ssh directory and the authorized_keys file are labeled default_t.
# ls -ldZ /home/user1/.ssh/
drwx------. user1 user1 unconfined_u:object_r:default_t:s0 /home/user1/.ssh/
# ls -lZ /home/user1/.ssh/authorized_keys
-rw-------. user1 user1 unconfined_u:object_r:default_t:s0 /home/user1/.ssh/authorized_keys
1. Comparing with a working user shows the correct context type, “ssh_home_t”:
$ ls -lZd /home/opc/.ssh/
drwx------. opc opc unconfined_u:object_r:ssh_home_t:s0 /home/opc/.ssh/
$ ls -lZd /home/opc/.ssh/authorized_keys
-rw-------. opc opc unconfined_u:object_r:ssh_home_t:s0 /home/opc/.ssh/authorized_keys
2. Apply the context type “ssh_home_t” to the new home location:
# chcon -R -t ssh_home_t /home/user1/.ssh/
3. Verify the permissions and SELinux context again:
# ls -lZd /home/user1/.ssh/authorized_keys
-rw-------. user1 user1 unconfined_u:object_r:ssh_home_t:s0 /home/user1/.ssh/authorized_keys
4. Test SSH with user user1:
$ ssh user1@[ip address]
Last login: Wed Mar 27 19:52:13 2019 from [xx.xx.xx.xx]
-bash-4.2$
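The comparison made in steps 1 to 3, as an added example that is not part of the original page: a script that reads "<context> <path>" lines, the format printed by stat -c '%C %n', and flags every path whose SELinux type is not ssh_home_t. The function names and the sample input (built from the contexts shown above) are assumptions of this example.

```bash
# Added example: audit the SELinux type on SSH key paths.
# Input format: "<context> <path>", one per line, as printed by
#   stat -c '%C %n' PATH...
EXPECTED_TYPE="ssh_home_t"

# Print the type field (third colon-separated field) of an SELinux context.
# Works with MLS ranges too, e.g. system_u:object_r:default_t:s0-s0:c0.c1023
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "<context> <path>" lines on stdin and print one line per mislabeled
# path. Returns 0 when every path has the expected type, 1 otherwise.
audit_ssh_contexts() {
    local ctx path type bad=0
    while read -r ctx path; do
        [ -n "$ctx" ] || continue          # skip blank lines
        type=$(selinux_type "$ctx")
        if [ "$type" != "$EXPECTED_TYPE" ]; then
            printf 'MISLABELED %s type=%s expected=%s\n' \
                "$path" "$type" "$EXPECTED_TYPE"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample input, using the contexts shown on this page.
sample_contexts() {
    cat <<'EOF'
unconfined_u:object_r:default_t:s0 /home/user1/.ssh
unconfined_u:object_r:default_t:s0 /home/user1/.ssh/authorized_keys
unconfined_u:object_r:ssh_home_t:s0 /home/opc/.ssh
unconfined_u:object_r:ssh_home_t:s0 /home/opc/.ssh/authorized_keys
EOF
}

# On a live system, feed it real labels instead of the sample:
#   stat -c '%C %n' /home/user1/.ssh /home/user1/.ssh/authorized_keys \
#       | audit_ssh_contexts
sample_contexts | audit_ssh_contexts || echo "relabel needed"
```

A label set with chcon does not survive a filesystem relabel; restorecon -Rv /home/user1/.ssh applies the label that the loaded policy defines for that path instead.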
Note: If SELinux is not required, another solution is to switch SELinux to permissive mode or disable it.