Binding ssh to privileged port breaks rule (port < 1024 => system service)
Nigel Metheringham
Nigel.Metheringham at VData.co.uk
Tue Feb 15 00:06:52 EST 2000
Ola at Sigurdson.SE said:
> I'm sure there is a rationale for binding the ssh client to a
> privileged port. (Which?)
If you are doing rsh-like authentication (you trust the host (having
authenticated the host), on the identity of the user as opposed to
making the user authenticate with his own keys), then you need to be
able to read the host key (that requires root normally). Tied in with
that, the server expects that connections from trusted hosts should
originate from priv ports.
You can just knock the SUID bit off ssh if you use only user-based keys
and/or password authentication, and do not use host-based
authentication.
Nigel.
--
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham at VData.co.uk ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
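
The check described in the message above, as an added example that is not part of the original post: a shell audit that reports whether an ssh client binary still carries the SUID bit and whether any client configuration enables host-trusting authentication. It assumes a build where the ssh binary itself is SUID, as in the message; the option names checked (RhostsAuthentication, RhostsRSAAuthentication, HostbasedAuthentication) and the verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: does this ssh client binary still need its SUID bit?
# Usage: sh audit.sh /path/to/ssh config-file [config-file ...]
# Pass the system-wide client config and any per-user configs to be covered.

# Print "yes" if any given config file enables a host-trusting method.
# Deliberately conservative: a match inside any Host block counts.
uses_host_auth() {
    for cfg in "$@"; do
        [ -r "$cfg" ] || continue
        # Strip comments, then look for "<option> yes" or "<option>=yes".
        if sed 's/#.*//' "$cfg" | grep -Eiq \
            '^[[:space:]]*(RhostsAuthentication|RhostsRSAAuthentication|HostbasedAuthentication)[[:space:]=]+yes[[:space:]]*$'
        then
            echo yes
            return 0
        fi
    done
    echo no
}

# Print one verdict for the binary:
#   ok-no-suid      SUID bit is not set, nothing to do
#   suid-needed     SUID set and host-trusting authentication is configured
#   suid-removable  SUID set but only user keys / passwords are in use
audit_ssh_suid() {
    bin=$1
    shift
    if [ ! -u "$bin" ]; then
        echo ok-no-suid
    elif [ "$(uses_host_auth "$@")" = yes ]; then
        echo suid-needed
    else
        echo suid-removable    # remediation: chmod u-s "$bin"
    fi
}

# Run the audit only when arguments are supplied on the command line.
if [ "$#" -ge 1 ]; then
    audit_ssh_suid "$@"
fi
```
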