On 8 May 2015 20:41, "Conley, Matthew M CTR GXM" <matthew.m.conley1.ctr at navy.mil> wrote:
>
> chmod 0700 .ssh
> chmod 0600 .ssh/*
>
> Keys can fail if you don't have that set up correctly.
> Also do:
> grep sshd /var/log/audit/audit.log| audit2allow -m sshd
> # Will let you see what modules it will create.
> grep sshd /var/log/audit/audit.log| audit2allow -M sshd
> # Creates the modules
>
> semodule -i sshd.pp
>
> grep ssh /var/log/audit/audit.log| audit2allow -m ssh
> # Will let you see what modules it will create.
> grep ssh /var/log/audit/audit.log| audit2allow -M ssh
> # Creates the modules
>
> semodule -i ssh.pp
>
> sshd is the server; ssh is the client.
>
>

<cleveland>No no no no nooooo </Cleveland>

Blindly running audit2allow and creating modules weakens your security, not enhances it.

If you have not messed up your labeling then SSH will have no problem reading keys - SSH keys are fully supported under the policy shipped with CentOS.

If you are mounting your home elsewhere do:

semanage fcontext -a -e /home /mynewspecialhome
restorecon -Rv /mynewspecialhome

That will fix any SELinux labelling issues of your home directories properly.
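
Added example, not part of the original thread: a triage of sshd AVC denials before anything is piped into audit2allow. It separates denials whose target carries a generic label (a labelling problem, fixed with the semanage fcontext / restorecon steps above) from denials that need a rule to be read and reviewed. The log lines, the triage() helper and the set of "generic" types are assumptions constructed for illustration.

```python
import re

# Constructed sample audit.log lines (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1431114060.123:401): avc:  denied  { read } for  pid=2211 comm="sshd" name="authorized_keys" dev="dm-2" ino=131 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1431114061.456:402): avc:  denied  { search } for  pid=2211 comm="sshd" name="alice" dev="dm-2" ino=130 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1431114090.789:410): avc:  denied  { name_bind } for  pid=2300 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)
NAME_RE = re.compile(r'\bname="([^"]+)"')

# Assumption: these types on a file object mean "no specific label applied",
# which points at a missing fcontext rule or a missed restorecon.
GENERIC_TYPES = {"default_t", "unlabeled_t", "file_t"}
FILE_CLASSES = {"file", "dir", "lnk_file"}


def triage(log_text, comm_prefix="ssh"):
    """Return one finding per AVC denial for ssh/sshd, tagged relabel or review."""
    findings = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or not m.group("comm").startswith(comm_prefix):
            continue
        # A context is user:role:type:level, so the type is field 3.
        target_type = m.group("tcontext").split(":")[2]
        name = NAME_RE.search(line)
        mislabel = m.group("tclass") in FILE_CLASSES and target_type in GENERIC_TYPES
        findings.append({
            "perms": m.group("perms").split(),
            "name": name.group(1) if name else None,
            "target_type": target_type,
            "tclass": m.group("tclass"),
            # relabel: fix the file context; review: read the rule before allowing it
            "action": "relabel" if mislabel else "review",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["action"], f["tclass"], f["target_type"], f["name"], f["perms"])
```
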