James B. Byrne wrote: <snip> > > I am not sure what effect disabling SELinux support in SSH actually > has from a security standpoint. So, if anyone cares to enlighten me > on the the consequences I would like to know. > I was under the impression that sshd runs unconfined in the current CentOS? $ ps axZ | grep sshd system_u:system_r:unconfined_t:SystemLow-SystemHigh 2766 ? Ss 0:00 /usr/sbin/sshd For example, you don't need to change the ssh_port in SELinux when running the sshd on an alternative port, I assume because sshd is running unconfined. Also, it makes little sense to me to run sshd in a confined domain as an ssh login will give the user a login (bash) shell, which also runs unconfined: $ ps axZ | grep bash user_u:system_r:unconfined_t 8504 pts/3 Ss 0:00 /bin/bash user_u:system_r:unconfined_t 16789 pts/4 Ss 0:00 /bin/bash Or maybe I totally misunderstand? _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos