Binding ssh to priviledged port breaks rule (port < 1024 => system service)
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Tue Feb 15 00:17:54 EST 2000
On Mon, Feb 14, 2000 at 01:54:00PM +0100, Ola Sigurdson wrote:
> I'm sure there is a rationale for binding the ssh client to a
> priviledged port. (Which?)
for rhosts/rhosts-rsa authentication the server has to trust the
username supplied by the client program.
the client is only trusted if it runs as root and 'shows' its
privileges by binding to a random low port.
you can turn this behaviour of with:
Host *
UsePrivilegedPort no
or
Host *
RhostsAuthentication no
RhostsRSAAuthentication no
-markus
More information about the openssh-unix-dev
mailing list