Implementing IP_FREEBIND in OpenSSH
Dmitry Belyavskiy
dbelyavs at redhat.com
Wed Jul 28 17:46:54 AEST 2021
Dear Damien,
On Wed, Jul 28, 2021 at 1:19 AM Damien Miller <djm at mindrot.org> wrote:
> On Tue, 27 Jul 2021, Dmitry Belyavskiy wrote:
>
> Perhaps make ip_nonlocal_bind=2 allow root to bind non-locally without
> restriction. That might solve the problem for sshd and all other network
> daemons?
>
Yes. It's one of the currently recommended workarounds.
> If SO_BINDANY does turn out to be cross platform without heavy caveats,
> then perhaps a flag on this existing Listen directive would be more
> acceptable, e.g. "Listen 111.222.33.44 bindany" - there is prior art
> for such flags in the existing "rdomain" one.
>
Yes, it's the reasonable syntax for this purpose. Many thanks for the clue!
--
Dmitry Belyavskiy