一个用户能访问 sshd-server，但第二个用户不能访问

我使用公钥和私钥访问我的服务器。使用用户“peter”我可以正常访问服务器，但使用用户“git”我无法访问服务器。它总是要求我输入密码。如果我输入密码，我可以正常登录，但我当然希望只使用密钥登录。

我对这两个用户使用了与此处检查相同的密钥：

peter@peter-ThinkPad:~$ ssh [email protected]
Last login: Tue Jan 28 16:29:03 2014 from 192.168.0.108
[peter@git ~]$ sudo su
[sudo] password for peter: 
[root@git peter]# diff /home/peter/.ssh/authorized_keys2 /home/git/.ssh/authorized_keys2 
[root@git peter]#

权利也正确设置：

[root@git peter]# ls -al /home/git/.ssh/
-rwx------. 1 git git  412 28. Jän 15:59 authorized_keys2
[root@git peter]# ls -al /home/git/
drwx------.  2 git  git  4096 28. Jän 16:05 .ssh
[root@git peter]# ls -al /home/
drwx------.  9 git   git   4096 28. Jän 15:32 git

用户git是系统用户，(uid=497(git) gid=497(git) Gruppen=497(git) Kontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023)不过我觉得这样没有问题。

/etc/ssh/sshd_config 看起来像这样（仅未注释的部分）：

Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
Subsystem   sftp    /usr/libexec/openssh/sftp-server

我使用 CentOS 6.5 作为服务器。我的客户端是 Lubuntu 13.10。服务器应该托管一个 gitlab。它已经安装并运行，只是 ssh-access 不起作用。

当我尝试登录时：

peter@peter-ThinkPad:~$ ssh -v [email protected]
OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to git.aerodyne [192.168.0.204] port 22.
debug1: Connection established.
debug1: identity file /home/peter/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1
debug1: identity file /home/peter/.ssh/id_dsa type -1
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1
debug1: identity file /home/peter/.ssh/id_ecdsa type -1
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA b7:0d:7a:f6:f7:b9:c5:89:4f:17:9f:3f:4d:4b:a2:81
debug1: Host 'git.aerodyne' is known and matches the RSA host key.
debug1: Found key in /home/peter/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/peter/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/peter/.ssh/id_dsa
debug1: Trying private key: /home/peter/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
Password: 

编辑1：

getent passwd git

给了我：

git:x:497:497:GitLab:/home/git/:/bin/bash

编辑2：

我现在查看了 /var/log/messages 日志文件，发现了这个错误：

Jan 29 17:06:21 git kernel: type=1400 audit(1391011581.732:41): avc:  denied  { read } for  pid=2580 comm="sshd" name="authorized_keys2" dev=sda3 ino=1005 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=file