Secure shell client and server policy.
false
Allow host key based authentication
true
Allow ssh logins as sysadm_r:sysadm_t
false
Allow ssh to use gpg-agent
Execute the ssh agent client in the caller domain.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Execute the ssh client in the ssh client domain.
| Parameter | Description |
|---|---|
| domain | Domain allowed to transition. |
Create ssh home directory (~/.ssh)
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Delete from the ssh temp files.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Execute the ssh daemon sshd domain.
| Parameter | Description |
|---|---|
| domain | Domain allowed to transition. |
Execute the ssh key generator in the ssh keygen domain.
| Parameter | Description |
|---|---|
| domain | Domain allowed to transition. |
Do not audit access to ssh agent tmp dirs.
| Parameter | Description |
|---|---|
| domain | Domain not to audit. |
Do not audit denials on reading ssh server keys
| Parameter | Description |
|---|---|
| domain | Domain to not audit. |
Do not audit attempts to read and write ssh server TCP sockets.
| Parameter | Description |
|---|---|
| domain | Domain to not audit. |
Execute the ssh client in the caller domain.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Execute the ssh daemon in the caller domain.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Manage ssh home directory content
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Read a ssh server unnamed pipe.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Read ssh server keys
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Read ssh home directory content
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Read and write a ssh server unnamed pipe.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Read and write ssh server unix domain stream sockets.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Read and write ssh server TCP sockets.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Set the attributes of ssh home directory (~/.ssh)
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Set the attributes of sshd key files.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Send a SIGCHLD signal to the ssh server.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Send a generic signal to the ssh server.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Send a null signal to sshd processes.
| Parameter | Description |
|---|---|
| domain | Domain allowed access. |
Basic SSH client template.
This template creates derived domains which are used for ssh client sessions. A derived type is also created to protect the user ssh keys.
This template was added for NX.
| Parameter | Description |
|---|---|
| userdomain_prefix | The prefix of the domain (e.g., user is the prefix for user_t). |
| user_domain | The type of the domain. |
| user_role | The role associated with the user domain. |
Role access for ssh
| Parameter | Description |
|---|---|
| role_prefix | The prefix of the user role (e.g., user is the prefix for user_r). |
| user_domain | User domain for the role. |
| user_exec_domain | User exec domain for execute and transition access. |
| role | Role allowed access. |
The template to define a ssh server.
This template creates domains to be used for creating an ssh server. This is typically done to have multiple ssh servers of different sensitivities, such as an internal network-facing ssh server and an external network-facing ssh server.
| Parameter | Description |
|---|---|
| userdomain_prefix | The prefix of the server domain (e.g., sshd is the prefix for sshd_t). |