[CentOS] Running SSH on a different port (with SELinux)

Jorge Fábregas

jorge.fabregas at gmail.com
Sun Oct 25 18:08:28 UTC 2009


Hello everyone,

Now after the recent discussion on running SSH on a different port, I decided 
to start a new thread but with SELinux involved.

Assuming that you have SELinux enabled, and that you changed the default port 
for SSHD, let's say to 1234, when I restart SSHD I don't get any AVC denials.

This is the output of: semanage port -l | grep ssh
ssh_port_t                     tcp      22

I thought (based on previous SELinux readings) that in order to allow SSHD on 
a non-default port you needed to:

semanage port -a -t ssh_port_t -p tcp 1234

That was the theory I read :) Now in practice it seems it is not implemented 
yet, or at least by the time RHEL5 came out. Does anyone know?

All the best,
Jorge


