Implementing IP_FREEBIND in OpenSSH
dbelyavs at redhat.com
Wed Jul 28 17:46:54 AEST 2021
On Wed, Jul 28, 2021 at 1:19 AM Damien Miller <djm at mindrot.org> wrote:
> On Tue, 27 Jul 2021, Dmitry Belyavskiy wrote:
> Perhaps make ip_nonlocal_bind=2 allow root to bind non-locally without
> restriction. That might solve the problem for sshd and all other network
Yes. It's one of the currently recommended workarounds.
If SO_BINDANY does turn out to be cross platform without heavy caveats,
> then perhaps a flag on this existing Listen directive would be more
> acceptable, e.g. "Listen 220.127.116.11 bindany" - there is prior art
> for such flags in the existing "rdomain" one.
Yes, it's the reasonable syntax for this purpose. Many thanks for the clue!
More information about the openssh-unix-dev