SSH connection hangs with ipchains/RH6.2/OpenSSH 2.5.1p1 (but not <= 2.3.0p1)

Pekka Savola pekkas at netcore.fi
Thu Feb 22 19:22:17 EST 2001


On Wed, 21 Feb 2001, Troy Carter wrote:
> I figured this out -- looks like 2.5.1p1 is now using ports < 1024 on
> the client side (wasn't before?).  I had an ipchains rule to allow ACK
> packets to 1024:65535, which was good enough for <= 2.3.0p1 :
<snip>
> Now everything is fine.  I even see the config file option to switch
> back to using non-privileged ports.  What was the reason for switching
> to privileged by default in 2.5.1p1?

This has always been the case, and is caused by the setuid bit (by
default) in your ssh binary.

You can disable this (as you probably had done) by removing the bit, or
adding 'UsePrivilegedPort no' in your ssh_config. (Note that this breaks
RhostsAuthentication, see man page)

-- 
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.   -- Robert Jordan: A Crown of Swords
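
Added example, not part of the original message or of OpenSSH: a shell check that applies the two conditions named in the reply (setuid bit on the ssh binary, `UsePrivilegedPort` in ssh_config) to predict whether the client will use a source port below 1024, which is what a firewall rule limited to 1024:65535 would drop. The function name and output strings are hypothetical; it assumes a non-root user, a single config file, and the behaviour described above (privileged port unless the option is set to `no`), and it ignores `Host` scoping.

```shell
#!/bin/sh
# usage: ssh_privport_check SSH_BINARY SSH_CONFIG
# Prints "privileged: ..." or "unprivileged: ..." for the given pair.
ssh_privport_check() {
    bin=$1
    conf=$2
    # Without the setuid bit, a non-root user cannot bind ports < 1024,
    # so the client falls back to an ordinary high source port.
    if [ ! -u "$bin" ]; then
        echo "unprivileged: $bin is not setuid"
        return 0
    fi
    # ssh_config keywords are case-insensitive, may use "keyword=value",
    # and the first value obtained wins. Comment lines are skipped.
    val=$(awk '
        $1 ~ /^#/ { next }
        { gsub(/=/, " ") }
        tolower($1) == "useprivilegedport" { print tolower($2); exit }
    ' "$conf" 2>/dev/null)
    if [ "$val" = "no" ]; then
        echo "unprivileged: UsePrivilegedPort no in $conf"
    else
        echo "privileged: setuid binary and option not disabled"
    fi
}
```

A "privileged" result means return traffic arrives on a local port below 1024, so a rule that only accepts ACK packets to 1024:65535 will not match it.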







More information about the openssh-unix-dev mailing list