search for: ssh_port_t

Displaying 12 results from an estimated 12 matches for "ssh_port_t".

2017 Jan 19
2
SELinux upgrade
I have experienced this myself. It is very upsetting. (Sent from iPhone, so please accept my apologies in advance for any spelling or grammatical errors.) > On Jan 19, 2017, at 2:57 AM, Fabian Arrotin <arrfab at centos.org> wrote: > > log
2017 Jan 19
0
SELinux upgrade
On 19.01.2017 at 10:17, Hal Wigoda wrote: > I have experienced this myself. It is very upsetting. It happened on servers with docker installed. I got error message there: # semanage port -a -t ssh_port_t -p tcp <newport> Re-declaration of type docker_t Failed to create node Bad type declaration at /etc/selinux/targeted/tmp/modules/100/docker/cil:1 OSError: Error After uninstalling: # yum remove docker* Wczytane wtyczki: fastestmirror, langpacks, priorities, versionlock Rozwiązywanie zależnoś...
2009 Oct 25
1
Running SSH on a different port (with SELinux)
...H on a different port, I decided to start a new thread but with SELinux involved. Assuming that you have SELinux enabled, and that you changed the default port for SSHD, let's say for 1234, when I restart SSHD I don't get any AVC denials. This is the output of: semanage -l port | grep ssh ssh_port_t tcp 22 I thought (based on previous SELinux readings) that in order to allow SSHD on a non-default port you needed to: semanage port -a -t ssh_port_t -p tcp 1234 That was the theory I read :) Now in practice it seems it is not implemented yet, or at least by the time R...
2017 Jan 19
2
SELinux upgrade
On 01/19/2017 04:47 AM, Marcin Trendota wrote: > On 19.01.2017 at 10:17, Hal Wigoda wrote: >> I have experienced this myself. It is very upsetting. > > > It happened on servers with docker installed. I got error message there: > # semanage port -a -t ssh_port_t -p tcp <newport> > Re-declaration of type docker_t > Failed to create node > Bad type declaration at /etc/selinux/targeted/tmp/modules/100/docker/cil:1 > OSError: Error > > After uninstalling: > # yum remove docker* > Wczytane wtyczki: fastestmirror, langpacks, priori...
2017 Jan 19
3
SELinux upgrade
...SSH, because of change in SELinux policy - I have ssh there on different port and now it's gone. Thanks to puppet I was able to change SSH port back to default and log in, but is this expected behavior? I thought minor upgrade shouldn't break up things? Or maybe "semanage port -a -t ssh_port_t -p tcp port" isn't enough to ensure persistency? -- Over And Out MoonWolf
2016 Feb 17
3
centos7 :: ks.cfg :: customisation of sshd
...i 's/#Port\ 22/Port 60000/' /etc/ssh/sshd_config 2. sed -i 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/' /etc/ssh/sshd_config 3. enable key access mkdir -p /root/.ssh chmod 700 /root/.ssh cat << EOF >> /root/.ssh/authorized_keys my_ssh_pubkey EOF 4. semanage port -a -t ssh_port_t -p tcp 60000 5. firewall-cmd --permanent --zone=public --add-port=60000/tcp 6. systemctl enable firewalld.service Did I miss anything? Thank you! Adrian
2016 Feb 18
0
centos7 :: ks.cfg :: customisation of sshd
...sshd_config > 2. sed -i 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/' > /etc/ssh/sshd_config > 3. enable key access > mkdir -p /root/.ssh > chmod 700 /root/.ssh > cat << EOF >> /root/.ssh/authorized_keys > my_ssh_pubkey > EOF > 4. semanage port -a -t ssh_port_t -p tcp 60000 > 5. firewall-cmd --permanent --zone=public --add-port=60000/tcp > 6. systemctl enable firewalld.service > > Did I miss anything? > The %post section is definitely where you want your commands. I'd combine the sed commands in points 1 and 2, but that's a small n...
2017 Jan 19
0
SELinux upgrade
...policy - I have ssh there on > different port and now it's gone. > > Thanks to puppet I was able to change SSH port back to default and log > in, but is this expected behavior? I thought minor upgrade shouldn't > break up things? > > Or maybe "semanage port -a -t ssh_port_t -p tcp port" isn't enough to > ensure persistency? > It's normally enough, there is no need to do it again, except if it lost all custom settings and booleans. Something to try on a VM (setup CentOS 7.3.1611, modify it without updating it, verify that it works, and then update...
2017 Jan 19
0
SELinux upgrade
Well, got hit by this too. Ironically, I don't use docker, I think I had it installed being pulled in for something else. So, tried the yum remove docker* but no go. When I do semanage port -a -t ssh_port_t -p tcp <port> I get an error Bad type declaration at /etc/selinux/targeted/tmp/modules/100/docker/cil:1 which is something that doesn't exist. Tried installing container-selinux, but so far, the only way to get SSH to work on a default port is to setenforce 0. This isn't a reall...
2014 Jul 09
3
Moving sshd listen port
I am having a problem getting sshd to run after changing its default port. I edit sshd_config and set the desired port, open it with firewall-cmd and then issue a systemctl start sshd. No error gets reported on the console but the following is logged in /var/messages sshd.service: main process exited, code=exited, status=255/n/a Not a very
2024 Jan 26
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
On 25.01.24 14:09, Kaushal Shriyan wrote: > I am running the below servers on Red Hat Enterprise Linux release 8.7 > How do I enable strong KexAlgorithms, Ciphers and MACs On RHEL 8, you need to be aware that there are "crypto policies" modifying sshd's behaviour, and it would likely be the *preferred* method to inject your intended config changes *there* (unless they
2024 Jan 27
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
...sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. # If you want to change the port on a SELinux system, you have to tell # SELinux about this change. # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER # #Port 9443 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # This system is following system-wide crypto pol...