SSH login fails with "Permission denied, please try again" and "error: Could not get shadow information for root" even after entering the correct password. This happens because SELinux is blocking the authentication process. Disable SELinux temporarily or permanently to restore access.
Prerequisites
Before you begin, ensure that you have:
Access to the rescue feature for your simple application server (required because SSH is unavailable)
Step 1: Check the SELinux status
Connect to your server using the rescue feature.
Run the following command to check whether SELinux is enabled:
/usr/sbin/sestatus -v
If SELinux is the cause of the connection failure, the output includes:
SELinux status: enabled
Current mode: enforcing
Mode from config file: enforcing
Note the value of Current mode. You need this to determine whether permanent disable is available.
If the output shows SELinux status: disabled, SELinux is not the cause. Check for other reasons for the SSH failure.
Step 2: Disable SELinux
Choose a method based on your situation:
| Method | When to use |
|---|---|
| Temporarily disable | For testing or debugging — SELinux re-enables after a reboot |
| Permanently disable | After confirming SELinux is the cause and you do not need it enabled |
Disabling SELinux permanently reduces system security. In production environments, use the temporary method first to confirm the cause before making permanent changes.
Temporarily disable SELinux
Run the following command:
setenforce 0
SELinux enforcement is disabled immediately (the current mode becomes permissive). The setting does not persist after a reboot.
Permanently disable SELinux
This method only works if Current mode in the sestatus output is enforcing. If the mode is already permissive or disabled, skip this step.
Run the following command to update the SELinux configuration file:
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
Restart the server for the change to take effect. For details, see View server information.
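The checks in Steps 1 and 2 can be scripted so that the branch of the procedure is chosen from the sestatus output and the configuration edit is previewed before it is applied. The script below is an added example, not part of the original procedure; the helper names sestatus_field, next_step and preview_config_edit are hypothetical, and the sample output is constructed.

```sh
#!/bin/sh
# Added example (not from the original page). Helper names are hypothetical.

# Print the value of one "Name: value" field from sestatus output on stdin.
sestatus_field() {
    awk -F: -v key="$1" '$1 == key {
        sub(/^[ \t]+/, "", $2); sub(/[ \t]+$/, "", $2); print $2; exit }'
}

# Map sestatus output on stdin to the branch of the procedure that applies:
#   unknown        - no "SELinux status" line (sestatus missing or failed)
#   not-selinux    - SELinux status is disabled; look for another cause
#   temp-or-perm   - Current mode is enforcing; both methods in Step 2 apply
#   skip-permanent - mode is not enforcing; skip the permanent method
next_step() (
    out=$(cat)
    status=$(printf '%s\n' "$out" | sestatus_field "SELinux status")
    mode=$(printf '%s\n' "$out" | sestatus_field "Current mode")
    if [ -z "$status" ]; then echo unknown
    elif [ "$status" != "enabled" ]; then echo not-selinux
    elif [ "$mode" = "enforcing" ]; then echo temp-or-perm
    else echo skip-permanent
    fi
)

# Print the line(s) the page's sed expression would write, without
# modifying the file. Empty output means the sed command would change nothing.
preview_config_edit() {
    sed -n 's/SELINUX=enforcing/SELINUX=disabled/p' "$1"
}

# Constructed sample of `sestatus -v` output for an affected server.
SAMPLE_ENFORCING='SELinux status:                 enabled
Current mode:                   enforcing
Mode from config file:          enforcing'

printf '%s\n' "$SAMPLE_ENFORCING" | next_step
# On the server itself (from the rescue session):
#   /usr/sbin/sestatus -v | next_step
#   preview_config_edit /etc/selinux/config
```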
What's next
After disabling SELinux, reconnect to your server using SSH. If the connection still fails, the issue has a different cause. For a full reference on managing SELinux states, see Enable or disable SELinux.