Hi all,

I've recently upgraded my system, but after that I was not able to connect 
through ssh. More things are wrong (from my POV):
1) SELinux blocks all nondefault ports for ssh

I have ssh configured to use a different port than 22 for security reasons and I 
think there are a lot of people doing that.

Question: Is it worth blocking all ports for ssh?

2) SELinux did not show any sealert warning about this. Running sealert -b shows 
no problem. There is one message in /var/log/messages:
kernel: [90346.301108] type=1400 audit(1286901219.350:29): avc:  denied  { 
name_bind } for  pid=6830 comm="sshd" src=6520 
scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

Question: This should be reported afaik, so it's a bug, right?

3) After checking /var/log/boot.log there is "Starting ssh ... [ OK ]". 
I get the same success info after "service sshd start", but an immediate "service 
sshd status" returns "openssh-daemon is stopped", but I'm not sure if this is 
fixable because of all that daemonize and other stuff.

Question: What do other network daemons (httpd,...) do? Do they start 
successfully (from the initscript's POV) when they can't use the configured port?

I'm really glad I've found this out before updating my headless F-12 server. 

2 of 3 questions are about SELinux, ccing Dan.

Michal
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
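The AVC denial quoted in the post says sshd (scontext sshd_t) tried name_bind on TCP port 6520, which carries the generic port_t label rather than ssh_port_t. The usual fix is to label the port for ssh with semanage. The script below is an added example, not part of the original post: it parses the denial line (joined onto one line here from the wrapped log excerpt) and derives the semanage command; the AVC_LINE variable, the helper names and the APPLY switch are assumptions for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Turns an sshd name_bind AVC
# denial into the semanage command that labels the port for ssh.
# AVC_LINE is the denial from the post, joined onto one line (constructed).
AVC_LINE='kernel: [90346.301108] type=1400 audit(1286901219.350:29): avc:  denied  { name_bind } for  pid=6830 comm="sshd" src=6520 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket'

# avc_port LINE: print the port (src=NNNN) from a name_bind denial, nothing otherwise
avc_port() {
    printf '%s\n' "$1" | sed -n 's/.*avc: *denied *{ name_bind }.* src=\([0-9][0-9]*\) .*/\1/p'
}

# avc_comm LINE: print the comm="..." value of the denied process
avc_comm() {
    printf '%s\n' "$1" | sed -n 's/.*comm="\([^"]*\)".*/\1/p'
}

# fix_command LINE: print the semanage command that lets sshd bind the port.
# Fails (returns 1) when the line is not an sshd name_bind denial.
fix_command() {
    port=$(avc_port "$1")
    comm=$(avc_comm "$1")
    [ -n "$port" ] || return 1
    [ "$comm" = "sshd" ] || return 1
    # -a adds a new port label; if the port already has a non-default label,
    # semanage reports it as already defined and -m (modify) is needed instead.
    printf 'semanage port -a -t ssh_port_t -p tcp %s\n' "$port"
}

# apply_fix LINE: actually relabel the port (needs root and policycoreutils-python)
apply_fix() {
    port=$(avc_port "$1")
    [ -n "$port" ] || return 1
    semanage port -a -t ssh_port_t -p tcp "$port"
}

# Only touch the system when asked: APPLY=1 sh ssh-port-fix.sh
if [ "${APPLY:-0}" = 1 ]; then
    apply_fix "$AVC_LINE"
fi
```

Before applying, `semanage port -l | grep ssh_port_t` shows which ports ssh may already bind, and `ausearch -m avc -c sshd` pulls the raw denials from the audit log when sealert shows nothing. After relabeling, `service sshd restart` followed by `service sshd status` confirms the daemon actually stayed up rather than just passing the initscript's start message.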
