Recently we re-installed a common server with RHEL-7 and that went well. But after a couple days I noticed that I was unable to login with my personal ssh key but I had before. It was a minor annoyance and didn’t pursue it … until today.
It turns out that the /home/ directory on this system is an NFS mount, and in RHEL-7 we have set SELinux to default to enforcing. There is an SELinux boolean flag, “
use_nfs_home_dirs” that needed to be set to “1” (true). Running the “
setsebool -P use_nfs_home_dirs 1” on this system was the fix and now we/I can resume logging in with the SSH key instead of typing in my passwordeach time.
Some were reluctant to fix this as they always typed in their password. While typing in your password over the SSH login connection is encrypted, but it does present the possibility that your password could get copied given a compromised endpoint, plus we are trying to use longer passwords so typing this in multiple times per day was frustrating and slowed workflow. Using SSH keys eliminates this risk and provides for other features such as scheduled/scripted command execution and file transfers.