Implementing IP_FREEBIND in OpenSSH

Dmitry Belyavskiy dbelyavs at
Wed Jul 28 17:46:54 AEST 2021

Dear Damien,

On Wed, Jul 28, 2021 at 1:19 AM Damien Miller <djm at> wrote:

> On Tue, 27 Jul 2021, Dmitry Belyavskiy wrote:
> Perhaps make ip_nonlocal_bind=2 allow root to bind non-locally without
> restriction. That might solve the problem for sshd and all other network
> daemons?

Yes. It's one of the currently recommended workarounds.

If SO_BINDANY does turn out to be cross platform without heavy caveats,
> then perhaps a flag on this existing Listen directive would be more
> acceptable, e.g. "Listen bindany" - there is prior art
> for such flags in the existing "rdomain" one.

Yes, it's the reasonable syntax for this purpose. Many thanks for the clue!

Dmitry Belyavskiy

More information about the openssh-unix-dev mailing list