Problem:

I changed the default listening port for OpenSSH. Later on, I forgot that I had SELinux off for testing and when I turned it back on I couldn’t ssh to the EC2 instance.

Solution:

  1. Stop the broken instance.
  2. Detach the EBS (root) volume of the broken instance.
  3. Start a new EC2 instance that runs the same OS as the broken instance, in the same region (and the same availability zone, since an EBS volume can only be attached to an instance in its own AZ).
  4. Attach the original EBS root volume as a secondary volume to your new instance.
  5. Mount the broken volume somewhere on the new instance.
  6. Set SELinux to permissive mode in the config file on the mounted volume (the copy under your mount point, not the rescue instance’s own):
     /etc/selinux/config
  7. Once you’ve set permissive mode for SELinux, shut down the instance.
  8. Detach the volume.
  9. Reattach the volume as the root volume to the original broken instance.
  10. Start the instance back up. You should be able to connect via ssh.
  11. Now label the alternate port so that SELinux allows sshd to bind to it (1234 is the example port here):
     $ semanage port -a -t ssh_port_t -p tcp 1234
  12. Set SELinux’s config back to enforcing mode and reboot. If you still have access after the reboot you should be good to go.
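Added example (not part of the original post): two helpers that script the fiddly parts of the procedure above, the config edit on the rescued volume (step 6) and the port-label check for step 11, which is the check to run before changing the sshd port on an enforcing system so the lockout never happens. The mount point /mnt/rescue and port 1234 are assumed values.

```shell
#!/bin/sh
# Added example, not the original post's code. /mnt/rescue and 1234 are assumed.

# set_selinux_mode ROOT MODE: rewrite the SELINUX= line in ROOT/etc/selinux/config.
# ROOT is where the rescued volume is mounted (use / on a live system).
set_selinux_mode() {
  mode=$2 cfg="$1/etc/selinux/config"
  case $mode in enforcing|permissive|disabled) ;; *) echo "bad mode: $mode" >&2; return 1 ;; esac
  [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
  # Only the SELINUX= line changes; SELINUXTYPE= and comments are left as they are.
  sed "s/^SELINUX=.*/SELINUX=$mode/" "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# get_selinux_mode ROOT: print the mode currently configured on that volume.
get_selinux_mode() {
  sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1/etc/selinux/config"
}

# port_labelled_ssh PORT LISTING: succeed if PORT is on the "ssh_port_t tcp" line of
# `semanage port -l` output (LISTING), e.g. "ssh_port_t   tcp   1234, 22".
# Port ranges such as 1024-65535 are handled as well.
port_labelled_ssh() {
  printf '%s\n' "$2" | awk -v p="$1" '
    $1 == "ssh_port_t" && $2 == "tcp" {
      for (i = 3; i <= NF; i++) {
        gsub(",", "", $i)
        if (split($i, r, "-") == 2) { if (r[1] + 0 <= p + 0 && p + 0 <= r[2] + 0) found = 1 }
        else if ($i == p) found = 1
      }
    }
    END { if (found) exit 0; exit 1 }'
}

# ensure_ssh_port PORT: run this BEFORE editing Port in sshd_config on an enforcing
# system. Adds the ssh_port_t label only when it is missing (needs semanage).
ensure_ssh_port() {
  if port_labelled_ssh "$1" "$(semanage port -l)"; then
    echo "port $1 is already labelled ssh_port_t"
  else
    semanage port -a -t ssh_port_t -p tcp "$1"
  fi
}

# On the rescue instance (step 6):   set_selinux_mode /mnt/rescue permissive
# Before changing the port (step 11): ensure_ssh_port 1234
```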