[CentOS] OpenSSH-5.3p1 selinux problem on CentOS-5.4.

Ned Slider ned at unixmail.co.uk
Thu Feb 4 17:00:51 UTC 2010

James B. Byrne wrote:


> I am not sure what effect disabling SELinux support in SSH actually
> has from a security standpoint.  So, if anyone cares to enlighten me
> on the the consequences I would like to know.

I was under the impression that sshd runs unconfined in the current CentOS?

$ ps axZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2766 ? Ss   0:00 

For example, you don't need to change the ssh_port in SELinux when 
running the sshd on an alternative port, I assume because sshd is 
running unconfined.

Also, it makes little sense to me to run sshd in a confined domain as an 
ssh login will give the user a login (bash) shell, which also runs 

$ ps axZ | grep bash
user_u:system_r:unconfined_t     8504 pts/3    Ss     0:00 /bin/bash
user_u:system_r:unconfined_t    16789 pts/4    Ss     0:00 /bin/bash

Or maybe I totally misunderstand?

More information about the CentOS mailing list