public key authentication fails ONLY when sshd is daemon
Solution 1:
Yes, SELinux is likely the cause. The .ssh
dir is probably mislabeled. Look at /var/log/audit/audit.log
. It should be labeled ssh_home_t
. Check with ls -laZ
. Run restorecon -r -vv /root/.ssh
if need be.
Solution 2:
I had the same issue. In my case, restorecon and chcon did not work.
I did not want to disable selinux. After lots of research, I finally figured it was because my home directory was mounted from elsewhere (NFS). I found this bug report which clued me in.
I ran:
> getsebool use_nfs_home_dirs
use_nfs_home_dirs --> off
to confirm use_nfs_home_dirs was off and then:
sudo setsebool -P use_nfs_home_dirs 1
to turn it on.
Now I can ssh to my machine using my key and without entering a password. Toggling the use_home_nfs_dirs boolean was what it took for me.
Solution 3:
To add to Mark Wagner's answer, if your're using a custom home directory path (i.e. not /home
), you need make sure you've set the SELinux security context. To do so, if you have user home directories in, for example, /myhome
, run:
semanage fcontext -a -e /home /myhome
restorecon -vR /myhome