From 1bfb04ac6738208c54e66098c34afb144f920ccf Mon Sep 17 00:00:00 2001
From: Michael Blaschek <michael.blaschek@univie.ac.at>
Date: Thu, 19 Aug 2021 06:21:10 +0000
Subject: [PATCH] ssh-key selinux

---
 SSH-VPN-VNC/SSH.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/SSH-VPN-VNC/SSH.md b/SSH-VPN-VNC/SSH.md
index eebadb1..7a8dcbf 100644
--- a/SSH-VPN-VNC/SSH.md
+++ b/SSH-VPN-VNC/SSH.md
@@ -38,6 +38,15 @@ and replacing `[USERNAME]` and `[U:Account USERNAME]` with your usernames. Using
 
 If you want to use ssh-keys you can also use different keys in `.ssh/config` per server with `IdentityFile ~/.ssh/id_rsa_for_server`.
 
+**Note: If you are having trouble with your ssh-key being accepted. You need to check the selinux security policy. Because we use non standard home directories, which are not accepted by default.** Do that by running:
+```bash
+ls -ldZ ~/.ssh/
+drwx------. 2 monkey users system_u:object_r:ssh_home_t:s0 4.0K Aug 18 21:24 .ssh/
+
+ls -lZ ~/.ssh/
+-rw-------. 1 monkey users unconfined_u:object_r:ssh_home_t:s0  1.3K Aug 17 10:58 authorized_keys
+```
+If you are not seeing `ssh_home_t` than you need to run `restorecon -Rv ~/.ssh/` which should update the security policy and allow for the SSH-Daemon to accept your keys.
 
 **From eduroam**: You should be able to log in as above.
 
-- 
GitLab