For our network we have users managed completely through OpenLDAP and the home directory is mounted from a central server using NFS. Server A is the master; it's where /home locally exists and it runs the OpenLDAP server. Server B mounts this and users can log in fine using SSH keys. Users can log in using SSH keys on server A as well.
Server C is set up in all ways identical to server B. Users can sign in using their OpenLDAP-created credentials, ssh, and their /home is correctly mounted. However, they are not able to use their ssh keys. They are required to submit a password.
Between servers B and C nearly all configuration files are the same. All servers are running CentOS7 and have identical /etc/nsswitch.conf, /etc/ssh/sshd_config, /etc/nslcd.conf, system-auth and sshd PAM files.
Any idea where the issue could lie?
Edit:
Verbose output on SSH looks like the following on server B:
debug1: Offering RSA public key: /home/me/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
But on C the output of the same section doesn't give a reply to the key:
debug1: Offering RSA public key: /home/me/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
To further add to the weirdness, trying to launch sshd manually with the verbose flag on C works. It seems to only happen when systemd is automating it.
It looks like the issue was SELinux. If anyone comes across the same issue, the following thread is very helpful.
https://serverfault.com/questions/321534/public-key-authentication-fails-only-when-sshd-is-daemon
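A way to confirm an SELinux cause like the one reported above is to look for AVC denials logged for sshd. The script below is an added example, not part of the original post: the function names are illustrative, the audit records are constructed samples, and the live log path in the comment assumes the default auditd location.

```shell
#!/bin/sh
# Added example: list SELinux AVC denials recorded for sshd.
# Function names are illustrative; the audit records below are constructed.

sample_audit() {
cat <<'EOF'
type=AVC msg=audit(1500000000.101:201): avc:  denied  { read } for  pid=2211 comm="sshd" name="authorized_keys" dev="0:40" ino=131 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=file
type=AVC msg=audit(1500000000.202:202): avc:  denied  { getattr } for  pid=3002 comm="httpd" path="/var/www/x" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=USER_AUTH msg=audit(1500000000.303:203): pid=2211 uid=0 auid=4294967295 ses=4294967295 msg='op=pubkey acct="me" exe="/usr/sbin/sshd" res=failed'
type=AVC msg=audit(1500000000.404:204): avc:  denied  { search } for  pid=2215 comm="sshd" name=".ssh" dev="0:40" ino=130 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
EOF
}

# Reads audit records on stdin and prints one line per sshd denial:
#   permissions|object class|object name|target SELinux context
sshd_denials() {
    awk '
    /^type=AVC/ && /avc:[ ]+denied/ && /comm="sshd"/ {
        perms = ""; name = "?"; tctx = "?"; tclass = "?"
        # The denied permissions sit between "{ " and " }".
        if (match($0, /[{] [^}]* [}]/))
            perms = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
            if ($i ~ /^tcontext=/) { tctx = substr($i, 10) }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        print perms "|" tclass "|" name "|" tctx
    }'
}

# Stand-alone run on the constructed sample. On a live host (assumption:
# default auditd log location) use: sshd_denials < /var/log/audit/audit.log
sample_audit | sshd_denials
```

In records like these, a target context of nfs_t on .ssh or authorized_keys points at the NFS-mounted home directory; one setting to check in that case is the `use_nfs_home_dirs` boolean, shown by `getsebool use_nfs_home_dirs`.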