public key authentication fails ONLY when sshd is daemon

Solution 1:

Yes, SELinux is likely the cause. The .ssh dir is probably mislabeled. Look at /var/log/audit/audit.log. It should be labeled ssh_home_t. Check with ls -laZ. Run restorecon -r -vv /root/.ssh if need be.

Solution 2:

I had the same issue. In my case, restorecon and chcon did not work.

I did not want to disable selinux. After lots of research, I finally figured it was because my home directory was mounted from elsewhere (NFS). I found this bug report which clued me in.

I ran:

> getsebool use_nfs_home_dirs
use_nfs_home_dirs --> off

to confirm use_nfs_home_dirs was off and then:

sudo setsebool -P use_nfs_home_dirs 1

to turn it on.

Now I can ssh to my machine using my key and without entering a password. Toggling the use_home_nfs_dirs boolean was what it took for me.


Solution 3:

To add to Mark Wagner's answer, if your're using a custom home directory path (i.e. not /home), you need make sure you've set the SELinux security context. To do so, if you have user home directories in, for example, /myhome, run:

semanage fcontext -a -e /home /myhome
restorecon -vR /myhome