On 8 May 2015 20:41, "Conley, Matthew M CTR GXM" <matthew.m.conley1.ctr@navy.mil> wrote:
chmod 0700 .ssh
chmod 0600 .ssh/*
Keys can fail if you don't have that set up correctly. Also do:
grep sshd /var/log/audit/audit.log | audit2allow -m sshd # Will let you see what modules it will create.
grep sshd /var/log/audit/audit.log | audit2allow -M sshd # Creates the modules
semodule -i sshd.pp
grep ssh /var/log/audit/audit.log | audit2allow -m ssh # Will let you see what modules it will create.
grep ssh /var/log/audit/audit.log | audit2allow -M ssh # Creates the modules
semodule -i ssh.pp
sshd is the server; ssh is the client.
<cleveland>No no no no nooooo </Cleveland>
Blindly running audit2allow and creating modules weakens your security, not enhances it.
If you have not messed up your labeling then SSH will have no problem reading keys - SSH keys are fully supported under the policy shipped with CentOS.
If you are mounting your home elsewhere do:
semanage fcontext -a -e /home /mynewspecialhome
restorecon -Rv /mynewspecialhome
That will fix any SELinux labelling issues of your home directories properly.
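
An added example, not part of the original thread: a POSIX shell function that triages sshd AVC denials before any audit2allow run, so that denials caused by mislabeled files are sent to restorecon instead of becoming policy modules. The function name, the verdict words, the choice of target types treated as mislabeling, and the sample log lines are all assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: classify AVC denials read from stdin.
# Assumption: a target type of default_t, unlabeled_t or file_t means the
# object carries no meaningful label (for instance a home directory mounted
# at a new path without the fcontext equivalence), so the fix is
# "restorecon", not a new module. Everything else is left for manual review.

# Output, one line per denial: <verdict> <tclass> <name or -> <target_type>
triage_avc() {
    while IFS= read -r line; do
        case $line in
            *avc:*denied*) ;;
            *) continue ;;   # skip non-AVC records
        esac
        # name="..." is only present for file-like objects
        name=$(printf '%s\n' "$line" | sed -n 's/.* name="\([^"]*\)".*/\1/p')
        # tcontext is user:role:type:level; keep the type field
        ttype=$(printf '%s\n' "$line" |
            sed -n 's/.* tcontext=[^:]*:[^:]*:\([^: ]*\).*/\1/p')
        tclass=$(printf '%s\n' "$line" | sed -n 's/.* tclass=\([^ ]*\).*/\1/p')
        case $ttype in
            default_t|unlabeled_t|file_t) verdict=RELABEL ;;
            *) verdict=REVIEW ;;
        esac
        printf '%s %s %s %s\n' "$verdict" "$tclass" "${name:--}" "$ttype"
    done
}

# Constructed sample records (not taken from a real system).
SAMPLE_LOG='type=AVC msg=audit(1431114060.101:501): avc:  denied  { read } for  pid=2101 comm="sshd" name="authorized_keys" dev="dm-2" ino=131 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1431114075.202:502): avc:  denied  { name_bind } for  pid=2150 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket'

printf '%s\n' "$SAMPLE_LOG" | triage_avc
```

On a real host the input would be `grep sshd /var/log/audit/audit.log | triage_avc`; a RELABEL line points at the semanage fcontext and restorecon steps above.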