SSH port and SELinux

Errors encountered:

$ tail /var/log/secure 

Sep 18 13:27:50 server1 sshd[13095]: Received signal 15; terminating.
Sep 18 13:27:50 server1 sshd[13798]: error: Bind to port 235 on 0.0.0.0 failed: Permission denied.
Sep 18 13:27:50 server1 sshd[13798]: error: Bind to port 235 on :: failed: Permission denied.

This article is meant to solve the above problem.

Make sure the following line is in the sshd configuration and is not commented out with a leading "#". On CentOS the SSH server configuration is at /etc/ssh/sshd_config.
Port 235

SELinux doesn't allow sshd to listen on port 235, so we need to modify the SELinux configuration to allow it. First, check which ports sshd is currently allowed to listen on by executing the following command:

$ semanage port -l | grep ssh
ssh_port_t tcp 22

To allow sshd to listen on our new port 235 we have to add a rule to SELinux. This is done by executing the following command:

$ semanage port -a -t ssh_port_t -p tcp 235
Please be patient while this command is running. It can take some time to finish.

After this command has finished we can check the added rule again with the following command:
$ semanage port -l | grep ssh
ssh_port_t tcp 22, 235

Restart sshd:
$ systemctl restart sshd

SSH into the server with the new port:
$ ssh -p 235 -l username ipaddress
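
The check from the steps above can be scripted. This is an added example, not part of the original article: it reads the active Port lines from an sshd_config and compares them with `semanage port -l` output, and it goes one step beyond the article by printing `semanage port -m` instead of `-a` when the port is already labelled with another type. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report which ports in
# sshd_config still need an SELinux ssh_port_t label.

# Print every active (uncommented) Port value from the sshd_config at $1.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Read `semanage port -l` output on stdin and print the type that labels
# exactly tcp port $1 (ranges such as 1-511 are deliberately not matched).
port_type() {
    awk -v port="$1" '$2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            p = $i; sub(/,$/, "", p)
            if (p == port) { print $1; exit }
        }
    }'
}

# $1 = sshd_config path, $2 = file holding `semanage port -l` output.
# Prints "<port> ok" or the semanage command that would fix the label.
plan() {
    for port in $(sshd_ports "$1"); do
        label=$(port_type "$port" < "$2")
        case "$label" in
            ssh_port_t) echo "$port ok" ;;
            "") echo "$port semanage port -a -t ssh_port_t -p tcp $port" ;;
            *)  echo "$port semanage port -m -t ssh_port_t -p tcp $port  # currently $label" ;;
        esac
    done
}

# Constructed sample input, so the script runs without SELinux tools.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '#Port 22' 'Port 22' 'Port 235' 'Port 8080' > "$dir/sshd_config"
    printf '%s\n' \
        'http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010' \
        'ssh_port_t                     tcp      22' > "$dir/ports"
    plan "$dir/sshd_config" "$dir/ports"
    rm -rf "$dir"
}

demo
```

On a real host, save the output of `semanage port -l` to a file and call `plan /etc/ssh/sshd_config` with that file as the second argument.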
