Binding ssh to privileged port breaks rule (port < 1024 => system service)

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Tue Feb 15 00:17:54 EST 2000


On Mon, Feb 14, 2000 at 01:54:00PM +0100, Ola Sigurdson wrote:
> I'm sure there is a rationale for binding the ssh client to a
> privileged port. (Which?)

for rhosts/rhosts-rsa authentication the server has to trust the
username supplied by the client program.

the client is only trusted if it runs as root and 'shows' its
privileges by binding to a random low port.

you can turn this behaviour off with:
	Host *
		UsePrivilegedPort no
or
	Host *
		RhostsAuthentication	no
		RhostsRSAAuthentication	no

-markus
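
The server-side half of the check described above, as an added example that is not part of the original message and not OpenSSH's own code: the server offers rhosts-style authentication only when the peer's source port is one that only root could have bound. The function names, the sample address and the lower bound of 512 (the range rresvport(3) picks from) are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Only root can bind ports below 1024 on a traditional Unix host. */
#define RESERVED_LIMIT 1024
/* Assumption: lower bound 512, the range rresvport(3) picks from. */
#define RESERVED_FLOOR (RESERVED_LIMIT / 2)

/* 1 if the peer's source port could only have been bound by root. */
int peer_port_is_privileged(const struct sockaddr *sa)
{
    unsigned int port;
    if (sa->sa_family == AF_INET)
        port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
    else if (sa->sa_family == AF_INET6)
        port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    else
        return 0;               /* unknown family: never trusted */
    return port >= RESERVED_FLOOR && port < RESERVED_LIMIT;
}

/* Hypothetical policy hook: rhosts-style auth is offered only when it is
 * enabled in the server config AND the client showed root privileges. */
int rhosts_auth_allowed(const struct sockaddr *peer, int rhosts_enabled)
{
    return rhosts_enabled && peer_port_is_privileged(peer);
}

/* Constructed sample peer (documentation address 192.0.2.10). */
struct sockaddr_in sample_peer(unsigned short port)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    inet_pton(AF_INET, "192.0.2.10", &sin.sin_addr);
    return sin;
}

int main(void)
{
    struct sockaddr_in low = sample_peer(1022), high = sample_peer(40112);
    printf("1022:  %d\n", rhosts_auth_allowed((struct sockaddr *)&low, 1));
    printf("40112: %d\n", rhosts_auth_allowed((struct sockaddr *)&high, 1));
    return 0;
}
```

A client configured with `UsePrivilegedPort no` connects from a high port and fails this check, which is why that setting and disabling the two rhosts methods have the same effect.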





More information about the openssh-unix-dev mailing list