James B. Byrne wrote:
<snip>
I am not sure what effect disabling SELinux support in SSH actually has from a security standpoint. So, if anyone cares to enlighten me on the consequences I would like to know.
I was under the impression that sshd runs unconfined in the current CentOS?
$ ps axZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2766 ?        Ss     0:00 /usr/sbin/sshd
For example, you don't need to change the ssh_port in SELinux when running the sshd on an alternative port, I assume because sshd is running unconfined.
Also, it makes little sense to me to run sshd in a confined domain as an ssh login will give the user a login (bash) shell, which also runs unconfined:
$ ps axZ | grep bash
user_u:system_r:unconfined_t                         8504 pts/3    Ss     0:00 /bin/bash
user_u:system_r:unconfined_t                        16789 pts/4    Ss     0:00 /bin/bash
Or maybe I totally misunderstand?
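For anyone who wants to turn the `ps axZ` check above into something repeatable, here is a small POSIX shell helper (added example, not code from the list post or from CentOS) that pulls the SELinux type out of a process label and reports whether the process is in `unconfined_t` or in a confined domain. The two sample lines are constructed: the first mirrors the unconfined sshd shown in the post, the second shows what a confined sshd (type `sshd_t`, MLS range assumed) would look like, so the classifier can be exercised without a live SELinux system.

```shell
#!/bin/sh
# Added example, not from the thread: classify processes from `ps axZ` output
# by their SELinux type. Field layout of `ps axZ`: LABEL PID TTY STAT TIME COMMAND.

# Print the type component (third colon-separated field) of an SELinux context,
# e.g. system_u:system_r:unconfined_t:SystemLow-SystemHigh -> unconfined_t
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Given one `ps axZ` line, print "<program> <type> confined|unconfined".
# Only the first word of COMMAND (field 6) is reported, so arguments such as
# "sshd -D" do not change the result.
classify_ps_line() {
    ctx=$(printf '%s\n' "$1" | awk '{print $1}')
    prog=$(printf '%s\n' "$1" | awk '{print $6}')
    type=$(selinux_type "$ctx")
    case "$type" in
        unconfined_t) state=unconfined ;;
        *)            state=confined ;;
    esac
    printf '%s %s %s\n' "$prog" "$type" "$state"
}

# Constructed sample lines. The first matches the post; the second is what a
# confined sshd (sshd_t) looks like and is assumed, not taken from the thread.
SAMPLE_UNCONFINED='system_u:system_r:unconfined_t:SystemLow-SystemHigh 2766 ?        Ss     0:00 /usr/sbin/sshd'
SAMPLE_CONFINED='system_u:system_r:sshd_t:s0-s0:c0.c1023 1234 ?        Ss     0:00 /usr/sbin/sshd -D'

# Stand-alone demonstration over the constructed samples.
for line in "$SAMPLE_UNCONFINED" "$SAMPLE_CONFINED"; do
    classify_ps_line "$line"
done

# On a live system with SELinux enabled you would feed real lines instead:
#   ps axZ | grep '[s]shd' | while read -r line; do classify_ps_line "$line"; done
```

The point of separating the type from the rest of the label is that the user and role fields differ between system daemons and login shells, so comparing on the type alone gives a stable "confined or not" answer for both the sshd and the bash lines in the post.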