Permission denied error when connecting to GitLab over SSH


Cause

This often happens when the .ssh folder in the git account's home directory has the wrong SELinux context.


Check

Check the SELinux label of .ssh.

ls -ldZ ~/.ssh/
drwx------. git git unconfined_u:object_r:ssh_home_t:s0 /home/git//.ssh/

The context must be ssh_home_t, as shown above. With any other context, SELinux blocks the ssh daemon from reading that folder, so it cannot read the authorized public key file (authorized_keys) and the error occurs.


Check the SELinux error log

 audit2why < /var/log/audit/audit.log
type=AVC msg=audit(1412569067.614:2916): avc:  denied  { read } for  pid=2781 comm="sshd" name="authorized_keys" dev=dm-2 ino=131169 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:initrc_tmp_t:s0 tclass=file
        Was caused by:
                Missing type enforcement (TE) allow rule.
                You can use audit2allow to generate a loadable module to allow this access.


Fix

Assign the correct SELinux label to the .ssh folder.

restorecon -R /home/git/.ssh
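
The log review above can be scripted; the following is an added example, not part of the original post, that reads audit records and lists the files sshd was denied because their type is not ssh_home_t. The function names and the second sample log line are constructed for illustration; the first sample line is the denial quoted above.

```shell
#!/bin/sh
# Added example (not from the original post): list sshd AVC denials whose
# target is not labelled ssh_home_t, i.e. candidates for restorecon.

# Print the type field (3rd of user:role:type:level) of an SELinux context.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read audit records on stdin. For every AVC denial raised by sshd whose
# target type is not ssh_home_t, print "<file name><TAB><actual type>".
sshd_label_denials() {
    while IFS= read -r line; do
        case "$line" in
            *"avc:"*"denied"*'comm="sshd"'*) ;;   # sshd denial: inspect it
            *) continue ;;                        # anything else: skip
        esac
        name=$(printf '%s\n' "$line" | sed -n 's/.* name="\([^"]*\)".*/\1/p')
        tcontext=$(printf '%s\n' "$line" | sed -n 's/.* tcontext=\([^ ]*\).*/\1/p')
        ttype=$(selinux_type "$tcontext")
        if [ -n "$ttype" ] && [ "$ttype" != "ssh_home_t" ]; then
            printf '%s\t%s\n' "$name" "$ttype"
        fi
    done
}

# Sample input. Line 1 is the denial quoted in this post; line 2 is a
# constructed record from another daemon that the filter must ignore.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1412569067.614:2916): avc:  denied  { read } for  pid=2781 comm="sshd" name="authorized_keys" dev=dm-2 ino=131169 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:initrc_tmp_t:s0 tclass=file
type=AVC msg=audit(1412569070.101:2920): avc:  denied  { getattr } for  pid=3002 comm="httpd" name="index.html" dev=dm-2 ino=140001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

sample_log | sshd_label_denials
```

On a live host, feed the function the real log as root (`sshd_label_denials < /var/log/audit/audit.log`), then run restorecon on the .ssh directory that holds each listed file.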