有效的authorized_keys文件？

Question

I have a piece of software I wrote using Python & Paramiko which distributes a public ssh key to a target linux machine. Then it tries to connect using the private key. On one machine (RHEL version 5), it works with no problem. On other machines (CentOS, RHEL version 6), something peculiar happens. The public key gets distributed but the server refuses the private key (I use plink for testing). I then do the following (in .ssh directory):

cp authorized_keys _temp
cat _temp > authorized_keys
chown testuser authorized_keys
chmod 600 authorized_keys

Then the authentication works (just as before). So this rules out sshd configuration. Also, as I mentioned before, the distribution works in another machine and authentication is successful with the same distribution mechanism. So I guess the distribution is ok. It is probably related to the text file format. I ruled out CR+LF instead of LF by getting the authorized_keys file back to my machine and inspecting it - it had LF only.

So the only thing I can say for sure currently is that somehow, cat and > (or just one of them) "fixed" the file, but I can't really say which one and how. Since I would like the process to work without manual intervention and with as little workarounds as possible -> Can anyone explain this?

Thanks!

Answer 1

You could try to use the dos2unix command to fix the whitespaces:

dos2unix authorized_keys

But I suspect that this could be also a selinux problem. If you visualize the selinux context with ls :

ls -lZ .ssh/*

you should get something like

-rw-------. git git unconfined_u:object_r:ssh_home_t:s0 authorized_keys

see the ssh_home_t context. If you don't see that, you need to restore it with restorecon :

restorecon -r .ssh

In general, you can use the audit2why command to see what went wrong with selinux issues:

audit2why /var/log/audit/audit.log