diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index bfabd20d..3571a4af 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -40,6 +40,9 @@ gen_tunable(fcron_crond,false)
 ## </tunable>
 gen_tunable(read_default_t,false)
 
+## Allow ssh to run from inetd instead of as a daemon.
+gen_tunable(run_ssh_inetd,false)
+
 ## <tunable name="secure_mode" dftval="false">
 ##	Enabling secure mode disallows programs, such as
 ##	newrole, from transitioning to administrative
@@ -47,6 +50,9 @@ gen_tunable(read_default_t,false)
 ## </tunable>
 gen_bool(secure_mode,false)
 
+## Allow ssh logins as sysadm_r:sysadm_t
+gen_tunable(ssh_sysadm_login,false)
+
 ## <tunable name="staff_read_sysadm_file" dftval="false">
 ##	Allow staff_r users to search the sysadm home 
 ##	dir and read files (such as ~/.bashrc)
diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te
index 2c6e0de0..6ac89269 100644
--- a/refpolicy/policy/modules/services/ssh.te
+++ b/refpolicy/policy/modules/services/ssh.te
@@ -6,11 +6,7 @@ policy_module(ssh,1.0)
 # Declarations
 #
 
-# Allow ssh logins as sysadm_r:sysadm_t
-bool ssh_sysadm_login false;
-
-# Allow ssh to run from inetd instead of as a daemon.
-bool run_ssh_inetd false;
+attribute ssh_server;
 
 # Type for the ssh-agent executable.
 type ssh_agent_exec_t;