On 01/19/2017 12:43 AM, Marcin Trendota wrote: > After recent system upgrade (this night) i lost access to two servers > through SSH, because of change in SELinux policy - i have ssh there on > different port and now it's gone. Which release? I also run ssh on an alternate port on one host, and that host didn't break following yesterday's updates. Can you get the AVCs from /var/log/audit/audit.log? What is currently the content of /etc/selinux/targeted/modules/active/ports.local? Does it describe the same ports as the output of "semanage port -l -C"? > Or maybe "semanage port -a -t ssh_port_t -p tcp port" isn't enough to > ensure persistency? It should be. You should see that port labeled in the file above.