SSH keys don't work on a fresh install of CentOS

Tagged CentOS, SSH
on (1 min read)

On a standard default install of CentOS 6.3 I couldn’t get my SSH keys to work even though I had them enabled in sshd_config and had them in the appropriate authorized_keys file.

I would try and login except the server wouldn’t even accept my key, it would just prompt for a password. It turns out that SELinux was blocking the keys from being accepted. The solution was to turn off SELinux fixed the issue, see below on how to do so.

Note: I highly recommend you do not follow this advice and leave SELinux enabled! Checkout how to do so below.

  1. Type the below to manually turn SELinux off
    [root@server ~] setenforce 0
    This will only disable SELinux for this boot, if the system restarts the service will start up again

  2. To fully disable SELinux you need to edit the file /etc/sysconfig/selinux so it looks like mine below.

  [root@server ~] cat /etc/sysconfig/selinux
  # This file controls the state of SELinux on the system.
  # SELINUX= can take one of these three values:
  # enforcing - SELinux security policy is enforced.
  # permissive - SELinux prints warnings instead of enforcing.
  # disabled - No SELinux policy is loaded.
  SELINUX=disabled
  # SELINUXTYPE= can take one of these two values:
  # targeted - Targeted processes are protected,
  # mls - Multi Level Security protection.
  SELINUXTYPE=targeted

If this still doesn’t fix your issue you need to ensure your permission on the ~/.ssh folder and ~/.ssh/authorized_keys file are correct, like below:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Leaving SELinux Enabled

Thanks to bvansomeren's comment below you can actually just run the below command to fix this issue AND leave SELinux enabled!

restorecon -R -v ~/.ssh

James Loh @itsjloh
I'm a Sysadmin for a web solutions company deploying clouds across the globe. I learn new things every day. You can also find me on Keybase & GitHub.