Red Hat Bugzilla – Bug 986127
selinux is blocking sshd from running on a different port
Last modified: 2013-07-19 06:41:59 EDT
Description of problem:
The Fedora 19 guest currently has SELinux disabled. When I add another Port directive to the sshd config and restart the service, I don't see the newly added port listed when I check for it in lsof.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Make sure selinux is disabled
2. Add a "Port" directive to sshd_config
3. Restart SSH
You will not see the new port bound by SSH in netstat or lsof. ('lsof -Pni')
The port should be bound and not deterred by selinux as it is disabled.
Running the semanage command as shown in the sshd_config will allow the port to be used and be connected to.
If you have SELinux disabled then you don't need to run semanage.
It works for me. Can you see something in /var/log/secure? Could you please paste an output of:
# /usr/sbin/sshd -T | grep port
If SELinux is disabled then this is not an SELinux bug.
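The three checks discussed in this thread (SELinux mode, the ports sshd is configured with, and the ssh_port_t label) combined into one diagnostic, as an added example that is not part of the original bug report. The function names and sample text are constructed for illustration; on a live system, pass in the output of `getenforce`, `/usr/sbin/sshd -T` and `semanage port -l`.

```shell
#!/bin/sh
# Added example. The sample text below is constructed, not taken from the bug report.

SAMPLE_SSHD_T='port 22
port 2222
gatewayports no'

SAMPLE_SEMANAGE='smtp_port_t                    tcp      25, 465, 587
ssh_port_t                     tcp      22
vnc_port_t                     tcp      5900-5983, 5985-5999'

# Succeeds if tcp port $1 is covered by ssh_port_t in `semanage port -l` text $2.
port_is_labelled() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                gsub(/,/, "", $i)
                n = split($i, r, "-")          # single port or lo-hi range
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (p + 0 >= lo && p + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# Prints each "port" from `sshd -T` text $1 that lacks an ssh_port_t label in $2.
# Matching the keyword exactly skips lines such as "gatewayports".
unlabelled_ports() {
    printf '%s\n' "$1" | awk '$1 == "port" { print $2 }' |
    while read -r p; do
        port_is_labelled "$p" "$2" || echo "$p"
    done
}

# $1 = `getenforce` output, $2 = `sshd -T` text, $3 = `semanage port -l` text.
diagnose() {
    if [ "$1" != "Enforcing" ]; then
        echo "selinux-not-blocking"      # Disabled/Permissive cannot deny the bind
        return 0
    fi
    missing=$(unlabelled_ports "$2" "$3" | tr '\n' ' ')
    if [ -n "$missing" ]; then
        echo "needs-label: ${missing% }"
    else
        echo "labels-ok"
    fi
}

diagnose Enforcing "$SAMPLE_SSHD_T" "$SAMPLE_SEMANAGE"
```

A result of `selinux-not-blocking` with the port still unbound points away from SELinux policy and toward sshd itself, which is where /var/log/secure comes in.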