What?

So I had this need to run the ssh daemon on port 443/TCP. I reconfigured sshd and iptables, and got stuck on the SELinux policy when I wanted to assign port 443 to ssh_port_t (I thought the first step would be to remove the existing assignment of port 443, which is http_port_t):

[root@srv ~]# semanage port -d -t http_port_t -p tcp 443
ValueError: Port tcp/443 is defined in policy, cannot be deleted

SSH on port 443? sshd configuration + iptables

Yup, it happens ;)

It's a simple reconfiguration done in /etc/ssh/sshd_config:

Port 22
Port 443

So as you can see, I left sshd running on port 22/tcp as well. I also reconfigured iptables (CentOS 7, no firewalld yet):

[root@srv ~]# grep 443 /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

Back to SELinux - how to fix this?

Actually, the answer lies in the documentation:

$ man semanage-port

       -m, --modify
              Modify a record of the specified object type

So basically, instead of removing this http_port_t assignment, which is impossible without recompiling the policy, I just modified it:

[root@srv ~]# semanage port -m -t ssh_port_t -p tcp 443

And now we have:

[root@netrunner ~]# semanage port -l | grep 443
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      443, 444, 22

Works for me ;)
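
As the last listing shows, after the modify tcp/443 appears under both http_port_t and ssh_port_t. The following added example (not part of the original post) parses semanage port -l output and reports every port listed under more than one type, which is a quick way to audit changes like this one; the function names and the sample listing are constructed for illustration.

```bash
# Added example: find ports that `semanage port -l` lists under more than
# one SELinux type, as tcp/443 is after the modification above.

# Constructed sample: a header plus the two output lines from the post.
sample_listing() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      443, 444, 22
EOF
}

# Reads `semanage port -l` output on stdin.
# Prints one line per shared port: "<proto>/<port> <type> <type> ...".
# Ranges such as 5900-5983 are skipped: only exact port entries are
# compared (a simplification made for this example).
shared_ports() {
  awk '
    $1 ~ /_t$/ && ($2 == "tcp" || $2 == "udp") {
      type = $1; proto = $2
      for (i = 3; i <= NF; i++) {
        port = $i
        sub(/,$/, "", port)               # drop the list separator
        if (port !~ /^[0-9]+$/) continue  # skip ranges and anything odd
        key = proto "/" port
        count[key]++
        if (key in types) types[key] = types[key] " " type
        else types[key] = type
      }
    }
    END {
      for (key in count)
        if (count[key] > 1) print key, types[key]
    }
  ' | sort
}

# Demo on the sample; on a real host: semanage port -l | shared_ports
sample_listing | shared_ports
```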