
Re: SSHD Weirdness



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 14:53 -0600 on 9/1/99, Michael Shutes wrote:
> This really isn't an OBSD-specific question, but an SSHD question. I thought
> someone here might have an answer.
>
> Has anyone else noticed that if you run sshd as root or from inetd on a box
> (almost any platform, I've seen it happen on Irix, AIX, and Linux now), and
> you attempt to use the ssh client from that box to elsewhere it picks a
> random port BELOW 1024, for any given user?
>
> WTF? The client is sourcing from privileged ports, this annoys me.
> I'm just wondering why the hell it does that.
>
> Anybody know?
>
> Michael Shutes
> ---
>  "So long as they don't get violent, I want to let everyone say what
>  they wish, for I myself have always said exactly what pleased me."
>   -- Albert Einstein


See sshconnect.c in ssh_create_socket():

  /* If we are running as root and want to connect to a privileged port,
     bind our own socket to a privileged port. */

Also see ssh(1), specifically the -P option.

It's tradition, and even a tradition that has reasons behind it.  This comes
from rsh, and .rhosts/hosts.equiv authentication.  Connections with .rhosts
auth to priv ports fail if the origin port isn't also privileged.


Rich

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: www.europarl.eu.int/dg4/stoa/en/publi/166499/execsum.htm

iQA/AwUBN82jqmKSuJuuNAZUEQKYMwCgp0pex9k4+tU6k0tc4P3803qAfTQAnjYV
WZtKlwzHTdgEvpb4pauxbVtT
=/8aI
-----END PGP SIGNATURE-----
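
The convention described in the reply above, as an added illustration that is not part of the original message and is not code from ssh or rsh: a receiving-side check that the peer's source port is below 1024, and a client-side loop that binds a socket to such a port. The helper names and the 512 to 1023 search range are assumptions of this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define RESERVED_LIMIT 1024 /* same value as IPPORT_RESERVED */

/* Receiving side (hypothetical helper): rhosts-style trust is considered
   only when the peer's source port is in the privileged range. */
int peer_port_is_reserved(const struct sockaddr_in *peer)
{
    unsigned port = ntohs(peer->sin_port);
    return port > 0 && port < RESERVED_LIMIT;
}

/* Client side (hypothetical helper): walk down from 1023 until bind()
   succeeds. Returns the bound socket, or -1 with errno set. */
int bind_reserved_port(int *port_out)
{
    struct sockaddr_in sa;
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    for (int port = RESERVED_LIMIT - 1; port >= RESERVED_LIMIT / 2; port--) {
        sa.sin_port = htons((unsigned short)port);
        if (bind(sock, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
            *port_out = port;
            return sock;
        }
        if (errno != EADDRINUSE) break; /* e.g. EACCES: caller not privileged */
    }
    int saved = errno;
    close(sock);
    errno = saved;
    return -1;
}

int main(void)
{
    int port = 0, sock = bind_reserved_port(&port);
    if (sock < 0) perror("bind_reserved_port");
    else printf("bound to privileged source port %d\n", port);
    return 0;
}
```

On Linux the privileged range can be changed with the `net.ipv4.ip_unprivileged_port_start` sysctl or bypassed with `CAP_NET_BIND_SERVICE`, so a low source port shows only that the sending host allowed the bind.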