Bug 118052
| Summary: | .ssh/authorized_keys not honoured | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Tim Waugh <twaugh> |
| Component: | policy | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | dwalsh |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 1.8-10 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-03-12 11:13:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This seems to be fixed in policy-1.8-10. If anyone has problems with authorized_keys and 'setenforce 0' "fixes" them it can also be because the .ssh/authorized_keys file is not labeled correctly. Run 'fixfiles --check' and wait a (long) while and then try again. You can use restorecon on individual files. |
Description of problem: After creating .ssh/authorized_keys in my non-root user's home directory on an enforcing installation, using ssh to log in from a user on another machine whose id_dsa.pub is contained in authorized_keys still asks for a password. I get: avc: denied { search } for pid=4036 exe=/usr/sbin/sshd name=.ssh dev=hdb1 ino=748424 scontext=system_u:system_r:sshd_t tcontext=user_u:object_r:user_home_t tclass=dir in the dmesg output, and audit2allow says: allow sshd_t user_home_t:dir { search }; Version-Release number of selected component (if applicable): openssh-3.6.1p2-33 policy-1.8-1 How reproducible: 100%