Re: Running SSH on a different port (with SELinux)




Jorge Fábregas wrote:
> Hello everyone,
> 
> Now after the recent discussion on running SSH on a different port, I decided 
> to start a new thread but with SELinux involved.
> 
> Assuming that you have SELinux enabled, and that you changed the default port 
> for SSHD, let's say for 1234, when I restart SSHD I don't get any AVC denials.
> 
> This is the output of:  semanage -l port | grep ssh  
> ssh_port_t                     tcp      22
> 
> I thought (based on previous SELinux readings) that in order to allow SSHD on 
> a non-default port you needed to:
> 
> semanage port -a -t ssh_port_t -p tcp 1234
> 
> That was the theory I read :) Now in practice it seems it is not implemented 
> yet, or at least by the time RHEL5 came out. Does anyone know?
> 

The SSH daemon runs as an unconfined service in SELinux (at least on 
RHEL4 and 5), so SELinux has no effect on SSH. Same as a bash shell runs 
unconfined.




_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
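
The check discussed in this thread, as an added example that is not part of the original messages: given the SELinux context sshd runs under (for instance from `ps -eZ`) and the output of `semanage port -l`, decide whether the port label matters and whether the port is already labelled `ssh_port_t`. The function names are hypothetical and the sample port list and contexts are constructed.

```shell
#!/bin/sh
# Added example. sample_ports prints a constructed `semanage port -l` listing,
# not output captured from a real host.
sample_ports() { cat <<'EOF'
SELinux Port Type              Proto    Port Number

ssh_port_t                     tcp      22
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
xserver_port_t                 tcp      6000-6020
EOF
}

# Print the type (domain) field of an SELinux context: user:role:type[:level]
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read a port listing on stdin; succeed if PORT/PROTO appears under TYPE.
# Handles comma-separated lists and "low-high" ranges.
port_has_type() {   # usage: port_has_type TYPE PROTO PORT
    awk -v t="$1" -v p="$2" -v n="$3" '
        $1 == t && $2 == p {
            for (i = 3; i <= NF; i++) {
                s = $i; sub(/,$/, "", s)
                if (split(s, r, "-") == 2) {
                    if (n + 0 >= r[1] + 0 && n + 0 <= r[2] + 0) found = 1
                } else if (s + 0 == n + 0) found = 1
            }
        }
        END { exit !found }'
}

# Verdict for moving sshd to PORT, given the context the daemon runs under.
sshd_port_verdict() {   # usage: sshd_port_verdict CONTEXT PORT < port-listing
    case "$(context_type "$1")" in
        unconfined_t) echo "unconfined" ;;   # the case the reply describes
        sshd_t)
            if port_has_type ssh_port_t tcp "$2"; then echo "labelled"
            else echo "needs-label"          # semanage port -a -t ssh_port_t -p tcp PORT
            fi ;;
        *) echo "unknown" ;;
    esac
}

# Constructed contexts: one unconfined daemon, one confined as sshd_t.
sample_ports | sshd_port_verdict 'system_u:system_r:unconfined_t' 1234
sample_ports | sshd_port_verdict 'system_u:system_r:sshd_t:s0' 1234
```

On a live system, replace `sample_ports` with `semanage port -l` and pass the context shown for sshd by `ps -eZ`.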

