1
00:00:00,000 --> 00:00:08,280
So what are we going to do?

2
00:00:08,280 --> 00:00:11,920
Well, I'm going to start with vim on /etc/ssh/

3
00:00:11,920 --> 00:00:14,480
sshd_config.

4
00:00:14,480 --> 00:00:18,719
And there, I'm looking up the port parameter.

5
00:00:18,719 --> 00:00:20,879
Here is the port parameter.

6
00:00:20,879 --> 00:00:22,799
If you look closely, two lines above,

7
00:00:22,799 --> 00:00:25,719
you can see exactly what to do: semanage port.

8
00:00:25,719 --> 00:00:29,360
But I want to show you what is going on.

9
00:00:29,360 --> 00:00:31,320
If you don't do that, then I would

10
00:00:31,320 --> 00:00:38,320
use systemctl restart sshd. And oh, boy, I'm getting a message.

11
00:00:38,320 --> 00:00:42,880
So systemctl status on sshd might give me

12
00:00:42,880 --> 00:00:44,759
more interesting information.

13
00:00:44,759 --> 00:00:46,119
In fact, it does not.

14
00:00:46,119 --> 00:00:47,480
That's disappointing.

15
00:00:47,480 --> 00:00:52,240
journalctl -u sshd. Is that bringing me anything?

16
00:00:52,240 --> 00:00:54,000
Yeah, there we can see the error:

17
00:00:54,000 --> 00:00:56,439
Bind to port 2022.

18
00:00:56,439 --> 00:00:58,560
Permission denied.

19
00:00:58,560 --> 00:01:00,880
Now, in normal troubleshooting, you

20
00:01:00,880 --> 00:01:04,120
would use setenforce permissive and try again.

21
00:01:04,120 --> 00:01:07,000
But I can tell you it will work in permissive mode.

22
00:01:07,000 --> 00:01:09,000
So I'm going to skip that step because I'm

23
00:01:09,000 --> 00:01:10,760
pretty sure about myself.

24
00:01:10,760 --> 00:01:13,160
And I'm going directly for the understanding.

25
00:01:13,160 --> 00:01:18,400
grep AVC on /var/log/audit/audit.log.

26
00:01:18,400 --> 00:01:19,879
And what do we see?

27
00:01:19,879 --> 00:01:24,400
We see denied name_bind for command sshd.

28
00:01:24,400 --> 00:01:27,559
The source context is sshd_t.

29
00:01:27,559 --> 00:01:31,720
And the target context is unreserved_port_t.

30
00:01:31,720 --> 00:01:34,480
I can imagine that in the SELinux policy,

31
00:01:34,480 --> 00:01:39,120
there is no policy at all that allows this source context

32
00:01:39,120 --> 00:01:42,279
to go to this unknown target context.

33
00:01:42,279 --> 00:01:44,480
So we need to figure out what to do.

34
00:01:44,480 --> 00:01:50,040
One way would be to do man semanage-port.

35
00:01:50,040 --> 00:01:53,760
Use uppercase G to go to the end and check

36
00:01:53,760 --> 00:01:57,000
if the help is useful.

37
00:01:57,000 --> 00:01:59,360
And in fact, the help is very useful.

38
00:01:59,360 --> 00:02:01,400
So you could copy this as well.

39
00:02:01,400 --> 00:02:02,000
You know what?

40
00:02:02,000 --> 00:02:04,519
I'm going to copy it so that it is done.

41
00:02:04,519 --> 00:02:06,959
We don't have the right port here.

42
00:02:06,959 --> 00:02:10,440
But if I paste it, the only thing I need to do

43
00:02:10,440 --> 00:02:12,320
is change the port.

44
00:02:12,320 --> 00:02:14,479
And that should be doing it.

45
00:02:14,479 --> 00:02:19,639
But just for fun, I'm going to use journalctl |

46
00:02:19,639 --> 00:02:22,279
grep sealert as well.

47
00:02:22,279 --> 00:02:24,759
I want to see what sealert is doing.

48
00:02:24,759 --> 00:02:26,839
So here is the sealert message.

49
00:02:26,839 --> 00:02:31,039
And I'm going to copy this sealert message,

50
00:02:31,039 --> 00:02:36,080
including the ID in the SELinux event database

51
00:02:36,080 --> 00:02:37,520
so that we can look it up.

52
00:02:37,520 --> 00:02:39,199
And then I'm going to paste.

53
00:02:39,199 --> 00:02:40,919
And I'm pasting it through less.

54
00:02:40,919 --> 00:02:42,320
And what do we see?

55
00:02:42,320 --> 00:02:46,119
It's telling us semanage port -a -t PORT_TYPE

56
00:02:46,119 --> 00:02:48,759
-p tcp 2022.

57
00:02:48,759 --> 00:02:51,600
The only thing that we need to figure out for ourselves

58
00:02:51,600 --> 00:02:56,119
is, from this list of three this time, which port type to use.

59
00:02:56,119 --> 00:02:59,320
And hey, that is what we just did, right?

60
00:02:59,320 --> 00:03:01,360
So we should be OK.

61
00:03:01,360 --> 00:03:03,160
And oops, I already did it.

62
00:03:03,160 --> 00:03:09,399
And at this point, systemctl restart sshd should be working.

63
00:03:09,399 --> 00:03:13,960
Don't forget that you need ssh -p 2022

64
00:03:13,960 --> 00:03:17,839
to connect to localhost from now on.

