[CentOS] Running SSH on a different port (with SELinux)
Ned Slider
ned at unixmail.co.uk
Sun Oct 25 19:06:58 UTC 2009
Jorge Fábregas wrote:
> Hello everyone,
>
> Now after the recent discussion on running SSH on a different port, I decided
> to start a new thread but with SELinux involved.
>
> Assuming that you have SELinux enabled, and that you changed the default port
> for SSHD, let's say to 1234, when I restart SSHD I don't get any AVC denials.
>
> This is the output of: semanage port -l | grep ssh
> ssh_port_t tcp 22
>
> I thought (based on previous SELinux readings) that in order to allow SSHD on
> a non-default port you needed to:
>
> semanage port -a -t ssh_port_t -p tcp 1234
>
> That was the theory I read :) Now in practice it seems it is not implemented
> yet, or at least it wasn't by the time RHEL5 came out. Does anyone know?
>
The SSH daemon runs as an unconfined service in SELinux (at least on
RHEL4 and 5), so SELinux has no effect on SSH. Same as a bash shell runs
unconfined.
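Added example (not from either poster): a small POSIX shell helper that reads `semanage port -l` style output and decides what, if anything, has to be done before sshd listens on a new port. The port map it runs against by default is constructed sample data in the same layout as real `semanage port -l` output; the function names `port_type` and `ssh_port_cmd` are my own. The distinction it makes is the one that trips people up in practice: a port that is only covered by a range such as `unreserved_port_t` can be added with `semanage port -a`, while a port that already has an explicit single-port definition of another type has to be changed with `semanage port -m`, because `-a` refuses to add a port that is already defined.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not captured from a real host).
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22
unreserved_port_t              tcp      1024-32767, 61001-65535
vnc_port_t                     tcp      5900-5999'

# port_type LIST PROTO PORT
# Prints "<type> exact" if PORT is listed as a single port, "<type> range" if it
# only falls inside a port range, or "unlabelled -" if no entry covers it.
port_type() {
    list=$1; proto=$2; port=$3
    printf '%s\n' "$list" | awk -v proto="$proto" -v port="$port" '
        NF < 3 || $2 != proto { next }          # skips the header and other protocols
        {
            # Columns 3..NF hold lists like "80, 81, 1024-32767"
            for (i = 3; i <= NF; i++) {
                item = $i; sub(/,$/, "", item)
                n = split(item, r, "-")
                if (n == 2) { lo = r[1] + 0; hi = r[2] + 0; how = "range" }
                else        { lo = hi = item + 0;           how = "exact" }
                if (port >= lo && port <= hi) { print $1, how; found = 1; exit }
            }
        }
        END { if (!found) print "unlabelled -" }'
}

# ssh_port_cmd LIST PORT
# Prints the semanage command needed to label PORT as ssh_port_t, or "none".
ssh_port_cmd() {
    list=$1; port=$2
    set -- $(port_type "$list" tcp "$port")
    type=$1; how=$2
    if [ "$type" = ssh_port_t ]; then
        echo none
    elif [ "$how" = exact ]; then
        # An explicit definition of another type must be modified; -a would fail.
        echo "semanage port -m -t ssh_port_t -p tcp $port"
    else
        # Unlabelled or only covered by a range: add a local definition.
        echo "semanage port -a -t ssh_port_t -p tcp $port"
    fi
}

# Demo: use the live port map when semanage is available, otherwise the sample.
PORT_MAP=$(semanage port -l 2>/dev/null) || PORT_MAP=$SAMPLE_PORTS
ssh_port_cmd "$PORT_MAP" 1234
```

Whether the label is actually enforced depends on how the policy on a given release treats sshd, which is the point of this thread; labelling the new port as `ssh_port_t` keeps the port map consistent either way, and `semanage port -l | grep ssh` afterwards is the check that the local definition took.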