I recently fired up a CentOS 6 VPS for debugging and testing some remote stuff. However, when I tried using an SSH key to log in remotely, I was stopped with the dreaded “Server refused our key” error that we’ve all seen when we mess up an SSH key or use a PuTTYgen-created public key rather than copy/pasting the OpenSSH key contents into authorized_keys like we should (don’t act like you’ve never done it).
So I triple-checked everything and even used ssh-keygen on the server to create the keys rather than using PuTTYgen, but it still wouldn’t work. As I was Googling around searching for answers, I noticed people using a restorecon command and the “PermitRootLogin without-password” setting in their sshd_config file for enabling root login via passwordless keys. An example post can be found here.
Turns out the restorecon command is what we need to use. I don’t know much about the command, but its man page says it “restore file(s) default SELinux security contexts”.
After running this on my server, I was able to log in as user adam with a password-less SSH key:
restorecon -R -v /home/adam/.ssh
I’m honestly not sure what the restorecon command does, but I know it’s what’s needed to make password-less SSH keys work for user adam. If you want to log in as root with a password-less SSH key, then you’d run this command:
restorecon -R -v /root/.ssh
As a note, I’m unsure if this is just CentOS 6 or not, but a friend who uses CentOS 5.x said that he has never had to use the restorecon command to get SSH keys to work, so it might be a new standard feature found in the release notes of CentOS 6.
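To confirm that SELinux labelling is what makes sshd refuse the key before relabelling anything, the audit log can be checked for denials against sshd. The script below is an added example, not part of the original post: the audit records are constructed samples, the function names are hypothetical, and `ssh_home_t` as the expected type for `~/.ssh` content is an assumption based on the targeted policy.

```shell
#!/bin/sh
# Added example: list SELinux AVC denials where sshd was blocked from a file
# or directory whose label is not the type expected for ~/.ssh content.
EXPECTED_TYPE="ssh_home_t"   # assumption: default type under the targeted policy

# Constructed sample audit records (not taken from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1325000000.101:201): avc:  denied  { read } for  pid=2101 comm="sshd" name="authorized_keys" dev=vda1 ino=131099 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1325000000.101:201): arch=c000003e syscall=2 success=no exit=-13 comm="sshd" exe="/usr/sbin/sshd"
type=AVC msg=audit(1325000000.202:202): avc:  denied  { getattr } for  pid=2150 comm="httpd" name="index.html" dev=vda1 ino=140001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1325000000.404:204): avc:  denied  { search } for  pid=2203 comm="sshd" name=".ssh" dev=vda1 ino=131090 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
EOF
}

# Read audit records on stdin. For every AVC denial whose source domain is
# sshd_t, print "<name> <target type> <tclass>" when the target type differs
# from EXPECTED_TYPE, i.e. the objects a relabel would be expected to fix.
sshd_label_denials() {
    awk -v want="$EXPECTED_TYPE" '
        /^type=AVC / && /denied/ && /scontext=[^ ]*:sshd_t:/ {
            name = ""; ttype = ""; tclass = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
                if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }   # user:role:type:level
                if ($i ~ /^tclass=/)   { tclass = $i; sub(/^tclass=/, "", tclass) }
            }
            if (ttype != want) print name, ttype, tclass
        }'
}

# Run against the constructed sample.
sample_audit_log | sshd_label_denials
```

On a real host, feed it `/var/log/audit/audit.log` instead of the sample; `restorecon -R -n -v /home/adam/.ssh` then shows what would be relabelled without changing anything.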