A few months ago I created a Fedora 25 droplet and changed my SSH port. Obviously, I had to allow it through selinux and firewalld.
This is the command I ran as root:
semanage port -a -t ssh_port_t -p tcp [nonstandard port number]
I upgraded to Fedora 26 a little while back and I was setting up a mail server a couple days ago. I’ve rebooted a few times but suddenly after one of them SSH failed to bind. It turns out that selinux is back to blocking it, so I tried to add it back in.
# semanage port -a -t ssh_port_t -p tcp [port] libsepol.context_from_record: type vmci_device_t is not defined libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert system_u:object_r:vmci_device_t:s0 to sid invalid context system_u:object_r:vmci_device_t:s0 libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 255. OSError: [Errno 0] Error
I’ve tried a few different ports. Ones that are already defined give the expected error. Other ports give the vmci one.
# semanage port -a -t ssh_port_t -p tcp 22 ValueError: Port tcp/22 already defined
VMCI seems to be related to vmware. I didn’t install anything of the sort so I’m guessing DigitalOcean uses it for their droplets or something. Help? I’m willing to migrate to a new droplet at this point if I need to but I want to know what went wrong and how to fix it.
SSH works normally on 22 or when selinux is disabled or permissive, but those are workarounds not solutions.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.