On virtually all of the servers that I work on, we use SSH pub-key authentication to help reduce the common brute force password attempts you see on ssh servers.
Recently when I was deploying a CentOS 6.2 server I ran into a problem trying to connect. Every time I connected it would not read the keys from %h/.ssh/authorized_keys
Looking at the logs on putty I saw the following: 'Server refused our key'
So I checked /var/log/messages and secure but didn't come up with any hits, and the permissions on the folders (.ssh & authorized_keys) were correct (700 and 600 respectively). Then looking at the /var/log/audit/audit.log file I picked up on the clue:
type=AVC msg=audit(1331658290.399:866): avc: denied { read } for pid=11149 comm="sshd" name="authorized_keys" dev=dm-2 ino=11796487 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=fileHA! It's Selinux blocking, but why, it's never done this before and we actually DO want it running. The trick turned out to be filed in a bug report (Bug 499343). The sub folders in this user folder were not labeled correctly so selinux could not see them.
The fix:
# restorecon -R -v /homeThat did the trick for us.
I guess it's worth noting that if had wanted to turn off SElinux, you could do the following:
# echo 0 >/selinux/enforce
vi /etc/selinux/config
...
SELINUX=enforcing
change to:
SELINUX=disabledLet others know if this helped you too in the comments below!