BindAddress with Openssh

David Moline drm at bable.com.au
Thu Mar 21 21:01:57 EST 2002


Hi

In a nutshell, the BindAddress functionality doesn't seem to work (at
least on Solaris 7 when using the fake-getaddrinfo module provided). I
haven't been able to test on other OS versions or using an OS
library-provided getaddrinfo (such as OpenBSD), but unless the functionality
of getaddrinfo is majorly different, I think this problem would be
similar everywhere.

The code in question in sshconnect.c (lines 201 to 209) first checks
if the options.bindaddr is NULL; if it is not, it sets the hints.ai_flags
value to AI_PASSIVE. The effect of this seems to me to be to bind the outgoing
connections to "anyaddr", not the address specified by options.bindaddr.
If the AI_PASSIVE assignment at line 208 is removed, then the bind
address for outgoing connections operates as expected.

I'm not sure of the security implications of changing or removing this
line of code, but your thoughts would be appreciated.

Regards
David Moline
Bable Consulting
Melbourne, Australia
+61 (0) 418 599 933
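
An added example, not part of the original post and not OpenSSH code: a small C check of whether the local getaddrinfo returns the wildcard address when AI_PASSIVE is combined with an explicit bind address, which is the behaviour reported above. The helper names and the sample address 127.0.0.1 are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Hypothetical helper: resolve a numeric IPv4 bind address with the given
 * ai_flags and copy the result into *out. Returns 0 on success, -1 on error. */
static int resolve_bind(const char *addr, int flags, struct in_addr *out)
{
    struct addrinfo hints, *res = NULL;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = flags | AI_NUMERICHOST;   /* no DNS lookup, runs offline */
    if (getaddrinfo(addr, "0", &hints, &res) != 0 || res == NULL)
        return -1;
    *out = ((struct sockaddr_in *)res->ai_addr)->sin_addr;
    freeaddrinfo(res);
    return 0;
}

/* Returns 1 if AI_PASSIVE makes this resolver discard the requested address
 * and hand back the wildcard, 0 if the address survives, -1 on error. */
int passive_overrides_node(const char *addr)
{
    struct in_addr plain, passive;

    if (resolve_bind(addr, 0, &plain) != 0 ||
        resolve_bind(addr, AI_PASSIVE, &passive) != 0)
        return -1;
    if (passive.s_addr == htonl(INADDR_ANY) && plain.s_addr != htonl(INADDR_ANY))
        return 1;
    return 0;
}

int main(void)
{
    const char *addr = "127.0.0.1";   /* constructed sample bind address */
    int r = passive_overrides_node(addr);

    printf("%s with AI_PASSIVE: %s\n", addr,
        r == 1 ? "replaced by wildcard (bind address would be ignored)" :
        r == 0 ? "kept (bind address honoured)" : "resolver error");
    return r == 0 ? 0 : 1;
}
```

A result of 1 means a socket bound with that addrinfo would use any local address instead of the configured one, so source-address firewall rules or per-interface policy would not apply to the outgoing connection.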






More information about the openssh-unix-dev mailing list