[CentOS] Running SSH on a different port (with SELinux)

Ned Slider ned at unixmail.co.uk
Sun Oct 25 20:06:58 UTC 2009

Jorge Fábregas wrote:
> Hello everyone,
> Now after the recent discussion on running SSH on a different port,  I decided 
> to start a new thread but with SELinux involved.
> Assuming that you have SELinux enabled, and that you changed the default port 
> for SSHD, let's say to 1234, when I restart SSHD I don't get any AVC denials.
> This is the output of:  semanage -l port | grep ssh  
> ssh_port_t                     tcp      22
> I thought (based on previous SELinux readings) that in order to allow SSHD on 
> a non-default port you needed to:
> semanage port -a -t ssh_port_t -p tcp 1234
> That was the theory I read :) Now in practice it seems it is not implemented 
> yet, or at least by the time RHEL5 came out. Does anyone know?

The SSH daemon runs as an unconfined service in SELinux (at least on 
RHEL4 and 5), so SELinux has no effect on SSH. Same as a bash shell runs 

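Added example, not part of the thread: a shell check that reads a `semanage port -l` listing and reports whether a given TCP port carries the `ssh_port_t` label, handling comma-separated lists and ranges. The function names and the sample listing are constructed for illustration; the label only matters on a system where sshd runs in a confined domain, which the reply says is not the case on RHEL4 and 5.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `semanage port -l`
# (the ssh_port_t line matches the one quoted in the thread).
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
ssh_port_t                     tcp      22
vnc_port_t                     tcp      5900-5999
'

# port_types PROTO PORT  (hypothetical helper)
# Reads a port listing on stdin and prints every SELinux port type
# whose port list or range covers PORT for the given protocol.
port_types() {
    awk -v proto="$1" -v port="$2" '
        NF >= 3 && $2 == proto {
            for (i = 3; i <= NF; i++) {
                spec = $i
                sub(/,$/, "", spec)           # drop the list separator
                n = split(spec, r, "-")       # "5900-5999" -> lo, hi
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# check_sshd_port PORT  (hypothetical helper)
# Returns 0 if tcp/PORT is labelled ssh_port_t in the listing on stdin;
# otherwise prints the semanage command from the thread and returns 1.
check_sshd_port() {
    if port_types tcp "$1" | grep -qx 'ssh_port_t'; then
        echo "tcp/$1 is labelled ssh_port_t"
    else
        echo "tcp/$1 is not ssh_port_t; add it with:"
        echo "  semanage port -a -t ssh_port_t -p tcp $1"
        return 1
    fi
}

# Demo on the constructed sample: port 22 is labelled, port 1234 is not.
printf '%s\n' "$SAMPLE_PORTS" | check_sshd_port 22
printf '%s\n' "$SAMPLE_PORTS" | check_sshd_port 1234 || true
```

On a live system, pipe the real listing in instead of the sample: `semanage port -l | check_sshd_port 1234`.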