Description of problem:

[nix@achilles .ssh]$ ssh-keygen -q -t rsa
Enter file in which to save the key (/home/nix/.ssh/id_rsa):
Could not create directory '/home/nix/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
open /home/nix/.ssh/id_rsa failed: Permission denied.
Saving the key failed: /home/nix/.ssh/id_rsa.

Oct 29 08:47:20 achilles kernel: audit(1162129640.406:25): avc: denied { search } for pid=24939 comm="ssh-keygen" name="home" dev=hda1 ino=2681729 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Oct 29 08:47:20 achilles kernel: audit(1162129640.426:26): avc: denied { search } for pid=24939 comm="ssh-keygen" name="home" dev=hda1 ino=2681729 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Oct 29 08:47:20 achilles kernel: audit(1162129640.446:27): avc: denied { search } for pid=24939 comm="ssh-keygen" name="home" dev=hda1 ino=2681729 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Oct 29 08:47:23 achilles kernel: audit(1162129643.310:28): avc: denied { search } for pid=24939 comm="ssh-keygen" name="home" dev=hda1 ino=2681729 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir

[nix@achilles .ssh]$ ssh-keygen -q -f /tmp/test_key_rsa -t rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
open /tmp/test_key_rsa failed: Permission denied.
Saving the key failed: /tmp/test_key_rsa.

Oct 29 08:48:55 achilles kernel: audit(1162129735.772:29): avc: denied { search } for pid=25474 comm="ssh-keygen" name="tmp" dev=hda1 ino=3532033 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
Oct 29 08:48:57 achilles kernel: audit(1162129737.096:30): avc: denied { search } for pid=25474 comm="ssh-keygen" name="tmp" dev=hda1 ino=3532033 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

In other words, ssh-keygen is not allowed to look in the user's home directory (because it's inside the home directories' root), nor in /tmp. Thus it cannot place the generated key anywhere useful.

Version-Release number of selected component (if applicable):
openssh-4.3p2-10
selinux-policy-2.4.1-3.fc6

How reproducible:
Always

Steps to Reproduce:
1. ssh-keygen -q -t rsa # To produce first failure
2. ssh-keygen -q -f /tmp/test_key_rsa -t rsa # To produce second failure

Actual results:
SELinux policy prevents key file creation.

Expected results:
SELinux policy allows key file creation.

Additional info:
This looks like a labeling problem. Sorry about dropping the ball on this one.

touch /.autorelabel
reboot

Should fix the problem.
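
For triage, the six denials quoted in the report collapse to two distinct (source type, target type, class, permission) tuples once the AVC records are parsed. The Python below is an added example, not part of the bug report or of any SELinux tool; the function names `parse_avc` and `summarize` are hypothetical, and the sample input is three of the records copied from the report.

```python
import re
from collections import Counter

# Three of the AVC records quoted in the report (two for /home, one for /tmp).
SAMPLE_LOG = """\
Oct 29 08:47:20 achilles kernel: audit(1162129640.406:25): avc: denied { search } for pid=24939 comm="ssh-keygen" name="home" dev=hda1 ino=2681729 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Oct 29 08:47:20 achilles kernel: audit(1162129640.426:26): avc: denied { search } for pid=24939 comm="ssh-keygen" name="home" dev=hda1 ino=2681729 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Oct 29 08:48:55 achilles kernel: audit(1162129735.772:29): avc: denied { search } for pid=25474 comm="ssh-keygen" name="tmp" dev=hda1 ino=3532033 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
"""

# Header: audit(<epoch>:<serial>): avc: denied { perms } for key=value ...
AVC_RE = re.compile(r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+denied\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one denial as a dict, or None if the line is not a complete AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None
    rec['serial'] = int(m.group('serial'))
    rec['perms'] = tuple(m.group('perms').split())
    for side in ('scontext', 'tcontext'):
        # user:role:type[:level]; an MLS level may itself contain ':', so split at most 3 times
        parts = rec[side].split(':', 3)
        if len(parts) < 3:
            return None
        rec[side] = dict(zip(('user', 'role', 'type', 'level'), parts))
    return rec

def summarize(log_text):
    """Count denials per (comm, source type, target type, class, perms)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec.get('comm'), rec['scontext']['type'], rec['tcontext']['type'],
                    rec['tclass'], rec['perms'])] += 1
    return counts

if __name__ == "__main__":
    for (comm, src, tgt, cls, perms), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {comm}: {src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```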