diff --git a/refpolicy/policy/modules/services/ssh.fc b/refpolicy/policy/modules/services/ssh.fc
index e69de29bb..7dde1fdb5 100644
--- a/refpolicy/policy/modules/services/ssh.fc
+++ b/refpolicy/policy/modules/services/ssh.fc
@@ -0,0 +1,16 @@
+/etc/ssh/primes			--	system_u:object_r:sshd_key_t
+/etc/ssh/ssh_host_key 		--	system_u:object_r:sshd_key_t
+/etc/ssh/ssh_host_dsa_key	--	system_u:object_r:sshd_key_t
+/etc/ssh/ssh_host_rsa_key	--	system_u:object_r:sshd_key_t
+
+/usr/bin/ssh			--	system_u:object_r:ssh_exec_t
+/usr/bin/ssh-agent		--	system_u:object_r:ssh_agent_exec_t
+/usr/bin/ssh-keygen		--	system_u:object_r:ssh_keygen_exec_t
+
+/usr/sbin/sshd			--	system_u:object_r:sshd_exec_t
+
+/var/run/sshd\.init\.pid	--	system_u:object_r:sshd_var_run_t
+
+ifdef(`targeted_policy', `', `
+HOME_DIR/\.ssh(/.*)?			system_u:object_r:ROLE_home_ssh_t
+')
diff --git a/refpolicy/policy/modules/system/corecommands.fc b/refpolicy/policy/modules/system/corecommands.fc
index d1cf6c33e..4fe103f76 100644
--- a/refpolicy/policy/modules/system/corecommands.fc
+++ b/refpolicy/policy/modules/system/corecommands.fc
@@ -60,14 +60,23 @@ ifdef(`distro_gentoo', `
 
 /usr(/.*)?/sbin(/.*)?		context_template(system_u:object_r:sbin_t,s0)
 
+/usr/lib(64)?/sftp-server --	context_template(system_u:object_r:bin_t,s0)
+
 /usr/lib(64)?/emacsen-common/.*	context_template(system_u:object_r:bin_t,s0)
 
+/usr/lib(64)?/misc/sftp-server	--	context_template(system_u:object_r:bin_t,s0)
+
+ifdef(`distro_suse', `
+/usr/lib(64)?/ssh/.*		--	context_template(system_u:object_r:bin_t,s0)
+')
+
 /usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird	-- context_template(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- context_template(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- context_template(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- context_template(system_u:object_r:bin_t,s0)
 
 /usr/libexec(/.*)?		context_template(system_u:object_r:bin_t,s0)
+/usr/libexec/openssh/sftp-server -- context_template(system_u:object_r:bin_t,s0)
 
 /usr/sbin/sesh		--	context_template(system_u:object_r:shell_exec_t,s0)