🟠 High   ⏱ 5–30 min  Last verified: 20 May 2026
Affected versions: RHEL 10

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Users with valid keys cannot log in, disrupting operations and automation.

Environment & Reproduction

Common after home migration or backup restore without context preservation.

ssh -v user@host
ls -la ~/.ssh
getenforce

Root Cause Analysis

Incorrect SELinux labels or loose file permissions cause sshd to reject authorized keys.

Quick Triage

Review sshd logs and AVC denials around login attempt.

journalctl -u sshd -n 80
ausearch -m avc -ts recent
ls -lZd /home/user /home/user/.ssh

Step-by-Step Diagnosis

Validate expected permissions and SELinux contexts.

namei -l /home/user/.ssh/authorized_keys
matchpathcon /home/user/.ssh/authorized_keys
stat -c '%a %n' /home/user /home/user/.ssh /home/user/.ssh/authorized_keys
Illustrative mockup for rhel-10 — terminal_or_shell
home directory SELinux label checks — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Restore ownership, strict permissions, and correct SELinux labels.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

chown -R user:user /home/user/.ssh
chmod 700 /home/user/.ssh
chmod 600 /home/user/.ssh/authorized_keys
restorecon -Rv /home/user/.ssh
Illustrative mockup for rhel-10 — logs_or_journal
sshd auth failures and AVC logs — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Recreate .ssh directory from a known-good template for affected users.

install -d -m 700 -o user -g user /home/user/.ssh
install -m 600 -o user -g user /tmp/authorized_keys /home/user/.ssh/authorized_keys

Verification & Acceptance Criteria

Public key login succeeds and no new AVC events are generated.

ssh -o PreferredAuthentications=publickey user@localhost
ausearch -m avc -ts recent
journalctl -u sshd --since '10 min ago'

Rollback Plan

Restore prior key files and contexts if new key deployment fails.

cp -a /root/user-ssh-backup/* /home/user/.ssh/
restorecon -Rv /home/user/.ssh

Prevention & Hardening

Enforce secure home and key file permissions through account provisioning automation.

Related to sshd_config hardening directives and centralized identity mounts.

Related tutorial: View the step-by-step tutorial for rhel-10.

View all rhel-10 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

RHEL OpenSSH and SELinux user home labeling guidance.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.