Changing SSH port in CentOS with SELinux enabled

So, you wanted to change the SSH port, but when you restart sshd (“systemctl restart sshd”) it doesn’t wanna come up, because SELinux won’t let it bind to the new port:

Apr 26 12:31:21 ip-10-0-0-169 systemd[1]: Starting OpenSSH server daemon...
-- Subject: Unit sshd.service has begun start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- Unit sshd.service has begun starting up.
Apr 26 12:31:21 ip-10-0-0-169 polkitd[13985]: Unregistered Authentication Agent for unix-process:14017:9027294 (system bus name :1.65, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bu
Apr 26 12:31:21 ip-10-0-0-169 sshd[14022]: error: Bind to port 25252 on 0.0.0.0 failed: Permission denied.
Apr 26 12:31:21 ip-10-0-0-169 sshd[14022]: error: Bind to port 25252 on :: failed: Permission denied.
Apr 26 12:31:21 ip-10-0-0-169 sshd[14022]: fatal: Cannot bind any address.
Apr 26 12:31:21 ip-10-0-0-169 systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
Apr 26 12:31:21 ip-10-0-0-169 systemd[1]: Unit sshd.service entered failed state.
Apr 26 12:31:21 ip-10-0-0-169 systemd[1]: sshd.service failed.

Enter semanage:

[root@ip-10-0-0-169 log]# semanage port -l | grep ssh
ssh_port_t tcp 22
[root@ip-10-0-0-169 log]# semanage port -a -t ssh_port_t -p tcp 25252

(This command will take a while to complete, so just let it be.)

Restart sshd: systemctl restart sshd

Voila! It’s alive!

-- Unit sshd.service has begun starting up.
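
A pre-restart check for the procedure above, added here as an example (it is not from the original post): it reads the Port directives from sshd_config and reports any port that the output of semanage port -l does not list under ssh_port_t for tcp. The function names and the saved-output file are assumptions of this example, and only Port lines in the one config file given are read.

```shell
#!/bin/sh
# Added example: check that every sshd Port is labelled ssh_port_t before
# restarting sshd. The functions read saved text, so they run offline.

# Print the ports named by Port directives in sshd_config text on stdin.
# Commented-out lines ("#Port 22") are ignored; with no Port line, print 22.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }'
}

# stdin: output of `semanage port -l`; $1: port number.
# Succeeds if a tcp entry of type ssh_port_t covers the port, either as a
# single port or inside a low-high range.
port_is_ssh_labelled() {
    awk -v want="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)          # entries are comma-separated
                n = split(p, r, "-")
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (want + 0 >= lo && want + 0 <= hi) found = 1
            }
        }
        END { exit !found }'
}

# $1: path to sshd_config; $2: file holding saved `semanage port -l` output.
# Prints each configured port that still needs
#   semanage port -a -t ssh_port_t -p tcp PORT
unlabelled_ports() {
    sshd_ports < "$1" | while read -r port; do
        port_is_ssh_labelled "$port" < "$2" || echo "$port"
    done
}
```

On a live host, save the output of semanage port -l to a file and pass it as the second argument, with /etc/ssh/sshd_config as the first; empty output means every configured port already carries the ssh_port_t label.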
