Secure shell client and server policy.
| Description: | Default value: |
|---|---|
| Allow ssh with chroot env to read and write files in the user home directories | false |
| Allow host key based authentication | false |
| Allow ssh logins as sysadm_r:sysadm_t | false |
Execute the ssh agent client in the caller domain.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Append ssh home directory content
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Delete from the ssh temp files.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Execute the ssh daemon sshd domain.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed to transition. | 
Execute the ssh key generator in the ssh keygen domain.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed to transition. | 
Read ssh server keys
| Parameter: | Description: | 
|---|---|
| domain | Domain to not audit. | 
Do not audit attempts to read and write ssh server TCP sockets.
| Parameter: | Description: | 
|---|---|
| domain | Domain to not audit. | 
Dontaudit search ssh home directory
| Parameter: | Description: | 
|---|---|
| domain | Domain to not audit. | 
Do not audit attempts to read and write the sshd pty type.
| Parameter: | Description: | 
|---|---|
| domain | Domain to not audit. | 
Allow domain dyntransition to chroot_user_t domain.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Execute the ssh client in the caller domain.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Execute the ssh key generator in the caller domain.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed to transition. | 
Create .ssh directory in the /root directory with a correct label.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Create .ssh directory in the user home directory with a correct label.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Create .ssh directory in the user home directory with a correct label.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Getattr ssh server keys
| Parameter: | Description: | 
|---|---|
| domain | Domain to not audit. | 
Getattr ssh home directory
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Execute sshd server in the sshd domain.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Manage ssh home directory content
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Read a ssh server unnamed pipe.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Read ssh home directory content
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Execute ssh-keygen in the iptables domain, and allow the specified role the ssh-keygen domain.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed to transition. | 
| role | Role allowed access. | 
Read and write ssh server unix dgram sockets.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Read and write a ssh server unnamed pipe.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Read and write ssh server unix domain stream sockets.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Read and write ssh server TCP sockets.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Set the attributes of sshd key files.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Send a SIGCHLD signal to the ssh server.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Send a generic signal to the ssh server.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Send a null signal to sshd processes.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Execute sshd server in the sshd domain.
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed to transition. | 
Connect to SSH daemons over TCP sockets. (Deprecated)
| Parameter: | Description: | 
|---|---|
| domain | Domain allowed access. | 
Read and write inherited sshd pty type.
| Parameter: | Description: | 
|---|---|
| domain | Domain to not audit. | 
Basic SSH client template.
This template creates derived domains that are used for ssh client sessions. A derived type is also created to protect the user ssh keys.
This template was added for NX.
| Parameter: | Description: | 
|---|---|
| userdomain_prefix | The prefix of the domain (e.g., user is the prefix for user_t). | 
| user_domain | The type of the domain. | 
| user_role | The role associated with the user domain. | 
The template to define a domain to which sshd dyntransitions.
| Parameter: | Description: | 
|---|---|
| domain | The prefix of the dyntransition domain | 
Role access for ssh
| Parameter: | Description: | 
|---|---|
| role_prefix | The prefix of the role (e.g., user is the prefix for user_r). | 
| role | Role allowed access | 
| domain | User domain for the role | 
The template to define a ssh server.
This template creates domains to be used for creating a ssh server. This is typically done to have multiple ssh servers of different sensitivities, such as an internal network-facing ssh server and an external network-facing ssh server.
| Parameter: | Description: | 
|---|---|
| userdomain_prefix | The prefix of the server domain (e.g., sshd is the prefix for sshd_t). |