I am trying to ssh into my Linux machine from my Mac. If I am physically at the machine I can log in with my password just fine, but if I am sshing it refuses. I am getting:

    Permission denied (publickey,keyboard-interactive)

I have previously been able to ssh in (last time was probably about a month ago) but all of a sudden I can’t access it any more. I thought that it might be caused by some changes that I recently made to system-auth, but I restored everything to what I believe was the original format:
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth required pam_env.so
    auth sufficient pam_fprintd.so
    auth sufficient pam_unix.so nullok try_first_pass
    auth requisite pam_succeed_if.so uid >= 500 quiet
    auth required pam_deny.so
    account required pam_unix.so
    account sufficient pam_localuser.so
    account sufficient pam_succeed_if.so uid < 500 quiet
    account required pam_permit.so
    password requisite pam_cracklib.so try_first_pass retry=3
    password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
    password required pam_deny.so
    session optional pam_keyinit.so revoke
    session required pam_limits.so
    session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session required pam_unix.so
But I still could not ssh in. I tried removing my password altogether and that didn’t seem to help either. It still asks, and even entering an empty string (nothing) it still fails me out.
I checked the sshd_config, at the suggestion of an answer below, and that does not seem to be the issue.
    PermitEmptyPasswords yes
    PasswordAuthentication yes
    UsePAM yes
    ChallengeResponseAuthentication no
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile /home/%u/.ssh/authorized_keys

I hadn’t actually looked into this file before it was suggested, so I imagine most of it is probably still system defaults.
And I am still shut out through ssh.
Any advice?
Solution:
If you’re running Red Hat with Security-Enhanced Linux (SELinux) enabled, then you might be having a problem because SELinux is preventing sshd from reading $HOME/.ssh. To make SELinux happy, you have to do:

    root@sshd-server# restorecon -Rv ~/.ssh
To see if you’re running with SELinux enabled use sestatus. Here’s what it looks like if SELinux is enabled.
    root@sshd-server# sestatus
    SELinux status: enabled
    SELinuxfs mount: /selinux
    Current mode: enforcing
    Mode from config file: enforcing
    Policy version: 24
    Policy from config file: targeted
Note that you may also have to change the security context of the .ssh file. Use the -Z switch to the ls command like:

    ls -laZ ~/.ssh
Which may report a security context like system_u:object_r:default_t:s0. Then use the chcon command like:

    chcon -R -v system_u:object_r:usr_t:s0 ~/.ssh/
Thanks to Massimo Ronca’s post titled “Fixing SELinux and passwordless SSH authentication” [1] for the chcon tip.

[1] https://massimoronca.it/2017/03/14/fixing-selinux-and-passwordless-ssh-authentication.html
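
Added example (not part of the original answer): a shell helper that reads `ls -laZ` output and lists the entries whose SELinux type differs from an expected one, so a mislabeled file such as the default_t case above stands out. The function names, the sample listing and the choice of ssh_home_t as the expected type are assumptions made for this example; `matchpathcon ~/.ssh` shows what the loaded policy actually expects.

```shell
#!/bin/sh
# Added example: spot entries under ~/.ssh whose SELinux type is unexpected.

# Print the type (third colon-separated field) of a security context string.
context_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 4 { print $3 }'
}

# Read `ls -laZ` output on stdin and print "name type" for every entry whose
# type differs from $1. The context column is found by its shape
# (user:role_r:type:level) because its position varies between ls versions.
mislabeled() {
    awk -v want="$1" '
    {
        for (i = 1; i <= NF; i++) {
            n = split($i, part, ":")
            if (n >= 4 && part[2] ~ /_r$/) {
                if (part[3] != want) print $NF, part[3]
                next
            }
        }
    }'
}

# Constructed sample listing (not captured from a real host).
sample_listing() {
cat <<'EOF'
drwx------. user user unconfined_u:object_r:ssh_home_t:s0 .
-rw-------. user user system_u:object_r:default_t:s0 authorized_keys
-rw-r--r--. user user unconfined_u:object_r:ssh_home_t:s0 known_hosts
EOF
}

# Demo on the constructed listing. ssh_home_t is assumed as the expected
# type here; confirm it on the host with: matchpathcon ~/.ssh
sample_listing | mislabeled ssh_home_t

# On a live host:
#   ls -laZ ~/.ssh | mislabeled ssh_home_t
```

Anything the helper prints is a candidate for `restorecon -Rv ~/.ssh`, which resets labels to what the policy defines.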