<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> - <a href='services_abrt.html'> abrt</a><br/> - <a href='services_afs.html'> afs</a><br/> - <a href='services_aiccu.html'> aiccu</a><br/> - <a href='services_aide.html'> aide</a><br/> - <a href='services_aisexec.html'> aisexec</a><br/> - <a href='services_amavis.html'> amavis</a><br/> - <a href='services_apache.html'> apache</a><br/> - <a href='services_apcupsd.html'> apcupsd</a><br/> - <a href='services_apm.html'> apm</a><br/> - <a href='services_arpwatch.html'> arpwatch</a><br/> - <a href='services_asterisk.html'> asterisk</a><br/> - <a href='services_audioentropy.html'> audioentropy</a><br/> - <a href='services_automount.html'> automount</a><br/> - <a href='services_avahi.html'> avahi</a><br/> - <a href='services_bind.html'> bind</a><br/> - <a href='services_bitlbee.html'> bitlbee</a><br/> - <a href='services_bluetooth.html'> bluetooth</a><br/> - <a href='services_boinc.html'> boinc</a><br/> - <a href='services_bugzilla.html'> bugzilla</a><br/> - <a href='services_cachefilesd.html'> cachefilesd</a><br/> - <a href='services_canna.html'> canna</a><br/> - <a href='services_ccs.html'> ccs</a><br/> - <a href='services_certmaster.html'> certmaster</a><br/> - <a href='services_certmonger.html'> certmonger</a><br/> - <a href='services_cgroup.html'> cgroup</a><br/> - <a href='services_chronyd.html'> chronyd</a><br/> - <a href='services_cipe.html'> cipe</a><br/> - <a href='services_clamav.html'> clamav</a><br/> - <a href='services_clockspeed.html'> clockspeed</a><br/> - <a href='services_clogd.html'> clogd</a><br/> - <a href='services_cmirrord.html'> cmirrord</a><br/> - <a href='services_cobbler.html'> cobbler</a><br/> - <a href='services_comsat.html'> comsat</a><br/> - <a href='services_consolekit.html'> consolekit</a><br/> - <a href='services_corosync.html'> corosync</a><br/> - <a href='services_courier.html'> courier</a><br/> - <a href='services_cpucontrol.html'> cpucontrol</a><br/> - <a href='services_cron.html'> cron</a><br/> - <a href='services_cups.html'> cups</a><br/> - <a href='services_cvs.html'> cvs</a><br/> - <a href='services_cyphesis.html'> cyphesis</a><br/> - <a href='services_cyrus.html'> cyrus</a><br/> - <a href='services_dante.html'> dante</a><br/> - <a href='services_dbskk.html'> dbskk</a><br/> - <a href='services_dbus.html'> dbus</a><br/> - <a href='services_dcc.html'> dcc</a><br/> - <a href='services_ddclient.html'> ddclient</a><br/> - <a href='services_denyhosts.html'> denyhosts</a><br/> - <a href='services_devicekit.html'> devicekit</a><br/> - <a href='services_dhcp.html'> dhcp</a><br/> - <a href='services_dictd.html'> dictd</a><br/> - <a href='services_dirsrv.html'> dirsrv</a><br/> - <a href='services_dirsrv-admin.html'> dirsrv-admin</a><br/> - <a href='services_distcc.html'> distcc</a><br/> - <a href='services_djbdns.html'> djbdns</a><br/> - <a href='services_dkim.html'> dkim</a><br/> - <a href='services_dnsmasq.html'> dnsmasq</a><br/> - <a href='services_dovecot.html'> dovecot</a><br/> - <a href='services_exim.html'> exim</a><br/> - <a href='services_fail2ban.html'> fail2ban</a><br/> - <a href='services_fetchmail.html'> fetchmail</a><br/> - <a href='services_finger.html'> finger</a><br/> - <a href='services_fprintd.html'> fprintd</a><br/> - <a href='services_ftp.html'> ftp</a><br/> - <a href='services_gatekeeper.html'> gatekeeper</a><br/> - <a href='services_git.html'> git</a><br/> - <a href='services_gnomeclock.html'> gnomeclock</a><br/> - <a href='services_gpm.html'> gpm</a><br/> - <a href='services_gpsd.html'> gpsd</a><br/> - <a href='services_hal.html'> hal</a><br/> - <a href='services_hddtemp.html'> hddtemp</a><br/> - <a href='services_howl.html'> howl</a><br/> - <a href='services_i18n_input.html'> i18n_input</a><br/> - <a href='services_icecast.html'> icecast</a><br/> - <a href='services_ifplugd.html'> ifplugd</a><br/> - <a href='services_imaze.html'> imaze</a><br/> - <a href='services_inetd.html'> inetd</a><br/> - <a href='services_inn.html'> inn</a><br/> - <a href='services_ircd.html'> ircd</a><br/> - <a href='services_irqbalance.html'> irqbalance</a><br/> - <a href='services_jabber.html'> jabber</a><br/> - <a href='services_kerberos.html'> kerberos</a><br/> - <a href='services_kerneloops.html'> kerneloops</a><br/> - <a href='services_ksmtuned.html'> ksmtuned</a><br/> - <a href='services_ktalk.html'> ktalk</a><br/> - <a href='services_ldap.html'> ldap</a><br/> - <a href='services_likewise.html'> likewise</a><br/> - <a href='services_lircd.html'> lircd</a><br/> - <a href='services_lpd.html'> lpd</a><br/> - <a href='services_mailman.html'> mailman</a><br/> - <a href='services_matahari.html'> matahari</a><br/> - <a href='services_memcached.html'> memcached</a><br/> - <a href='services_milter.html'> milter</a><br/> - <a href='services_modemmanager.html'> modemmanager</a><br/> - <a href='services_monop.html'> monop</a><br/> - <a href='services_mpd.html'> mpd</a><br/> - <a href='services_mta.html'> mta</a><br/> - <a href='services_munin.html'> munin</a><br/> - <a href='services_mysql.html'> mysql</a><br/> - <a href='services_nagios.html'> nagios</a><br/> - <a href='services_nessus.html'> nessus</a><br/> - <a href='services_networkmanager.html'> networkmanager</a><br/> - <a href='services_nis.html'> nis</a><br/> - <a href='services_nscd.html'> nscd</a><br/> - <a href='services_nsd.html'> nsd</a><br/> - <a href='services_nslcd.html'> nslcd</a><br/> - <a href='services_ntop.html'> ntop</a><br/> - <a href='services_ntp.html'> ntp</a><br/> - <a href='services_nut.html'> nut</a><br/> - <a href='services_nx.html'> nx</a><br/> - <a href='services_oav.html'> oav</a><br/> - <a href='services_oddjob.html'> oddjob</a><br/> - <a href='services_oident.html'> oident</a><br/> - <a href='services_openca.html'> openca</a><br/> - <a href='services_openct.html'> openct</a><br/> - <a href='services_openvpn.html'> openvpn</a><br/> - <a href='services_pads.html'> pads</a><br/> - <a href='services_passenger.html'> passenger</a><br/> - <a href='services_pcscd.html'> pcscd</a><br/> - <a href='services_pegasus.html'> pegasus</a><br/> - <a href='services_perdition.html'> perdition</a><br/> - <a href='services_pingd.html'> pingd</a><br/> - <a href='services_piranha.html'> piranha</a><br/> - <a href='services_plymouthd.html'> plymouthd</a><br/> - <a href='services_policykit.html'> policykit</a><br/> - <a href='services_portmap.html'> portmap</a><br/> - <a href='services_portreserve.html'> portreserve</a><br/> - <a href='services_portslave.html'> portslave</a><br/> - <a href='services_postfix.html'> postfix</a><br/> - <a href='services_postfixpolicyd.html'> postfixpolicyd</a><br/> - <a href='services_postgresql.html'> postgresql</a><br/> - <a href='services_postgrey.html'> postgrey</a><br/> - <a href='services_ppp.html'> ppp</a><br/> - <a href='services_prelude.html'> prelude</a><br/> - <a href='services_privoxy.html'> privoxy</a><br/> - <a href='services_procmail.html'> procmail</a><br/> - <a href='services_psad.html'> psad</a><br/> - <a href='services_publicfile.html'> publicfile</a><br/> - <a href='services_puppet.html'> puppet</a><br/> - <a href='services_pxe.html'> pxe</a><br/> - <a href='services_pyicqt.html'> pyicqt</a><br/> - <a href='services_pyzor.html'> pyzor</a><br/> - <a href='services_qmail.html'> qmail</a><br/> - <a href='services_qpidd.html'> qpidd</a><br/> - <a href='services_radius.html'> radius</a><br/> - <a href='services_radvd.html'> radvd</a><br/> - <a href='services_razor.html'> razor</a><br/> - <a href='services_rdisc.html'> rdisc</a><br/> - <a href='services_remotelogin.html'> remotelogin</a><br/> - <a href='services_resmgr.html'> resmgr</a><br/> - <a href='services_rgmanager.html'> rgmanager</a><br/> - <a href='services_rhcs.html'> rhcs</a><br/> - <a href='services_rhgb.html'> rhgb</a><br/> - <a href='services_ricci.html'> ricci</a><br/> - <a href='services_rlogin.html'> rlogin</a><br/> - <a href='services_roundup.html'> roundup</a><br/> - <a href='services_rpc.html'> rpc</a><br/> - <a href='services_rpcbind.html'> rpcbind</a><br/> - <a href='services_rshd.html'> rshd</a><br/> - <a href='services_rsync.html'> rsync</a><br/> - <a href='services_rtkit.html'> rtkit</a><br/> - <a href='services_rwho.html'> rwho</a><br/> - <a href='services_samba.html'> samba</a><br/> - <a href='services_sasl.html'> sasl</a><br/> - <a href='services_sendmail.html'> sendmail</a><br/> - <a href='services_setroubleshoot.html'> setroubleshoot</a><br/> - <a href='services_slrnpull.html'> slrnpull</a><br/> - <a href='services_smartmon.html'> smartmon</a><br/> - <a href='services_smokeping.html'> smokeping</a><br/> - <a href='services_snmp.html'> snmp</a><br/> - <a href='services_snort.html'> snort</a><br/> - <a href='services_soundserver.html'> soundserver</a><br/> - <a href='services_spamassassin.html'> spamassassin</a><br/> - <a href='services_speedtouch.html'> speedtouch</a><br/> - <a href='services_squid.html'> squid</a><br/> - <a href='services_ssh.html'> ssh</a><br/> - <a href='services_sssd.html'> sssd</a><br/> - <a href='services_stunnel.html'> stunnel</a><br/> - <a href='services_sysstat.html'> sysstat</a><br/> - <a href='services_tcpd.html'> tcpd</a><br/> - <a href='services_telnet.html'> telnet</a><br/> - <a href='services_tftp.html'> tftp</a><br/> - <a href='services_tgtd.html'> tgtd</a><br/> - <a href='services_timidity.html'> timidity</a><br/> - <a href='services_tor.html'> tor</a><br/> - <a href='services_transproxy.html'> transproxy</a><br/> - <a href='services_tuned.html'> tuned</a><br/> - <a href='services_ucspitcp.html'> ucspitcp</a><br/> - <a href='services_ulogd.html'> ulogd</a><br/> - <a href='services_uptime.html'> uptime</a><br/> - <a href='services_usbmuxd.html'> usbmuxd</a><br/> - <a href='services_uucp.html'> uucp</a><br/> - <a href='services_uwimap.html'> uwimap</a><br/> - <a href='services_varnishd.html'> varnishd</a><br/> - <a href='services_vdagent.html'> vdagent</a><br/> - <a href='services_vhostmd.html'> vhostmd</a><br/> - <a href='services_virt.html'> virt</a><br/> - <a href='services_w3c.html'> w3c</a><br/> - <a href='services_watchdog.html'> watchdog</a><br/> - <a href='services_xfs.html'> xfs</a><br/> - <a href='services_xprint.html'> xprint</a><br/> - <a href='services_xserver.html'> xserver</a><br/> - <a href='services_zabbix.html'> zabbix</a><br/> - <a href='services_zebra.html'> zebra</a><br/> - <a href='services_zosremote.html'> zosremote</a><br/> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: services</h1><p/> <h2>Module: ssh</h2><p/> <a href=#tunables>Tunables</a> <a href=#interfaces>Interfaces</a> <a href=#templates>Templates</a> <h3>Description:</h3> <p><p>Secure shell client and server policy.</p></p> <hr> <a name="tunables"></a> <h3>Tunables: </h3> <a name="link_allow_ssh_keysign"></a> <div id="interface"> <div id="codeblock">allow_ssh_keysign</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> allow host key based authentication </p><p> </p> </div></div> <a name="link_ssh_sysadm_login"></a> <div id="interface"> <div id="codeblock">ssh_sysadm_login</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow ssh logins as sysadm_r:sysadm_t </p><p> </p> </div></div> <a href=#top>Return</a> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_ssh_admin_server"></a> <div id="interface"> <div id="codeblock"> <b>ssh_admin_server</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> All of the rules required to administrate an sshd environment </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_agent_exec"></a> <div id="interface"> <div id="codeblock"> <b>ssh_agent_exec</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute the ssh agent client in the caller domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_create_user_home_files"></a> <div id="interface"> <div id="codeblock"> <b>ssh_create_user_home_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create Secure Shell home directory content. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_delete_tmp"></a> <div id="interface"> <div id="codeblock"> <b>ssh_delete_tmp</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete from the ssh temp files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>ssh_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute the ssh daemon sshd domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_domtrans_keygen"></a> <div id="interface"> <div id="codeblock"> <b>ssh_domtrans_keygen</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute the ssh key generator in the ssh keygen domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_dontaudit_read_server_keys"></a> <div id="interface"> <div id="codeblock"> <b>ssh_dontaudit_read_server_keys</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read ssh server keys </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_dontaudit_rw_tcp_sockets"></a> <div id="interface"> <div id="codeblock"> <b>ssh_dontaudit_rw_tcp_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read and write ssh server TCP sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_ssh_exec"></a> <div id="interface"> <div id="codeblock"> <b>ssh_exec</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute the ssh client in the caller domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_initrc_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>ssh_initrc_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute sshd server in the sshd domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The type of the process performing this action. </p> </td></tr> </table> </div> </div> <a name="link_ssh_manage_user_home_files"></a> <div id="interface"> <div id="codeblock"> <b>ssh_manage_user_home_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage ssh home directory content </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_read_pipes"></a> <div id="interface"> <div id="codeblock"> <b>ssh_read_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read a ssh server unnamed pipe. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_read_user_home_files"></a> <div id="interface"> <div id="codeblock"> <b>ssh_read_user_home_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read ssh home directory content </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_run_keygen"></a> <div id="interface"> <div id="codeblock"> <b>ssh_run_keygen</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute ssh-keygen in the iptables domain, and allow the specified role the ssh-keygen domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_rw_pipes"></a> <div id="interface"> <div id="codeblock"> <b>ssh_rw_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write a ssh server unnamed pipe. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_rw_stream_sockets"></a> <div id="interface"> <div id="codeblock"> <b>ssh_rw_stream_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write ssh server unix domain stream sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_rw_tcp_sockets"></a> <div id="interface"> <div id="codeblock"> <b>ssh_rw_tcp_sockets</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write ssh server TCP sockets. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_setattr_key_files"></a> <div id="interface"> <div id="codeblock"> <b>ssh_setattr_key_files</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set the attributes of sshd key files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_sigchld"></a> <div id="interface"> <div id="codeblock"> <b>ssh_sigchld</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a SIGCHLD signal to the ssh server. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_signal"></a> <div id="interface"> <div id="codeblock"> <b>ssh_signal</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a generic signal to the ssh server. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_signull"></a> <div id="interface"> <div id="codeblock"> <b>ssh_signull</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a null signal to sshd processes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_ssh_tcp_connect"></a> <div id="interface"> <div id="codeblock"> <b>ssh_tcp_connect</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Connect to SSH daemons over TCP sockets. (Deprecated) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> <a name="templates"></a> <h3>Templates: </h3> <a name="link_ssh_basic_client_template"></a> <div id="template"> <div id="codeblock"> <b>ssh_basic_client_template</b>( userdomain_prefix , user_domain , user_role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Basic SSH client template. </p> <h5>Description</h5> <p> </p><p> This template creates a derived domains which are used for ssh client sessions. A derived type is also created to protect the user ssh keys. </p><p> </p><p> This template was added for NX. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the domain (e.g., user is the prefix for user_t). </p> </td></tr> <tr><td> user_domain </td><td> <p> The type of the domain. </p> </td></tr> <tr><td> user_role </td><td> <p> The role associated with the user domain. </p> </td></tr> </table> </div> </div> <a name="link_ssh_role_template"></a> <div id="template"> <div id="codeblock"> <b>ssh_role_template</b>( role_prefix , role , domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Role access for ssh </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role_prefix </td><td> <p> The prefix of the role (e.g., user is the prefix for user_r). </p> </td></tr> <tr><td> role </td><td> <p> Role allowed access </p> </td></tr> <tr><td> domain </td><td> <p> User domain for the role </p> </td></tr> </table> </div> </div> <a name="link_ssh_server_template"></a> <div id="template"> <div id="codeblock"> <b>ssh_server_template</b>( userdomain_prefix )<br> </div> <div id="description"> <h5>Summary</h5> <p> The template to define a ssh server. </p> <h5>Description</h5> <p> </p><p> This template creates a domains to be used for creating a ssh server. This is typically done to have multiple ssh servers of different sensitivities, such as for an internal network-facing ssh server, and a external network-facing ssh server. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> userdomain_prefix </td><td> <p> The prefix of the server domain (e.g., sshd is the prefix for sshd_t). </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>