Hello,
The ssh client checks for privileged ports when a local forward is about to be
set. This is done in readconf.c's function "add_local_forward":
    if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
        fatal("Privileged ports can only be forwarded by root.");
The constant IPPORT_RESERVED is system wide and fixed at make time. This test is
not compatible with local and dynamic strategies such as authbind. I would like
a non-privileged user (uid!=0) to be able to forward a local port, such as 443.
Authbind is correctly set up on my Linux box: "$ uptime | authbind nc
127.0.0.1 -l 443" runs smoothly.
But "$ authbind ssh -L 443:someserver:443 ..." does not because of the
previous check.
IMO the check should not be done when parsing the argument of the ssh client.
The client should die when the port opening fails.
I've not reported the bug/compatibility issue yet, I would like some
feedback from OpenSSH developers before.
Regards,
- Florent Ouchet
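
The difference between the two policies discussed in the message above, as an added example (not part of the original message and not OpenSSH code): the function names parse_time_check and try_listen_loopback are hypothetical, and port 443 in main() is a constructed sample input. The first function repeats the quoted condition; the second attempts the bind and reports the kernel's answer, which is the point where a wrapper such as authbind can take effect.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse-time policy (same condition as the quoted check): decides from the
 * port number and uid alone. Returns 0 if allowed, -1 if refused. */
static int parse_time_check(int listen_port, uid_t real_uid)
{
    return (listen_port < IPPORT_RESERVED && real_uid != 0) ? -1 : 0;
}

/* Bind-time policy: attempt the bind and let the kernel (or a wrapper such
 * as authbind) decide. Returns a listening fd, or -errno on failure. */
static int try_listen_loopback(int listen_port)
{
    struct sockaddr_in sa;
    int fd, saved;

    if (listen_port < 0 || listen_port > 65535)
        return -EINVAL;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -errno;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons((unsigned short)listen_port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(fd, 1) < 0) {
        saved = errno;          /* close() may overwrite errno */
        close(fd);
        return -saved;
    }
    return fd;
}

int main(void)
{
    int port = 443, fd;         /* constructed sample input */

    printf("parse-time check: %s\n",
        parse_time_check(port, getuid()) ? "refused" : "allowed");
    if ((fd = try_listen_loopback(port)) < 0)
        printf("bind-time: port %d: %s\n", port, strerror(-fd));
    else
        close(fd);
    return 0;
}
```

Run unprivileged, the bind-time path reports the actual bind() error (typically EACCES) for port 443 instead of refusing on the port number alone.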