Ola Sigurdson
2000-Feb-14 12:54 UTC
Binding ssh to privileged port breaks rule (port < 1024 => system service)
I'm sure there is a rationale for binding the ssh client to a privileged port. (Which?) However there are several drawbacks to this:

o It breaks firewall rules that assume that user connections start at port > 1024 or > 32768.
o It breaks monitoring software using the same assumptions.
o Every suid program is a separate evil (caused by the flawed security model in most unices).

I therefore suggest that distribution ship with no suid.

Anyway, thanks for a great piece of software.

/Ola Sigurdson
Nigel Metheringham
2000-Feb-14 13:06 UTC
Binding ssh to privileged port breaks rule (port < 1024 => system service)
Ola at Sigurdson.SE said:
> I'm sure there is a rationale for binding the ssh client to a
> privileged port. (Which?)

If you are doing rsh-like authentication (you trust the host (having authenticated the host), on the identity of the user as opposed to making the user authenticate with his own keys), then you need to be able to read the host key (that requires root normally). Tied in with that is the server expects connections from trusted hosts should be originated from priv ports.

You can just knock the SUID bit off ssh if you use only user based keys and/or password authentication, and do not use host based authentication.

Nigel.
--
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham at VData.co.uk ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
Markus Friedl
2000-Feb-14 13:17 UTC
Binding ssh to privileged port breaks rule (port < 1024 => system service)
On Mon, Feb 14, 2000 at 01:54:00PM +0100, Ola Sigurdson wrote:
> I'm sure there is a rationale for binding the ssh client to a
> privileged port. (Which?)

for rhosts/rhosts-rsa authentication the server has to trust the username supplied by the client program. the client is only trusted if it runs as root and 'shows' its privileges by binding to a random low port.

you can turn this behaviour off with:

    Host *
        UsePrivilegedPort no

or

    Host *
        RhostsAuthentication no
        RhostsRSAAuthentication no

-markus
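
Added example (not part of the original thread and not OpenSSH code): a small audit helper that reads a client configuration and reports, per host, whether either of the two alternatives above is actually in effect. The sample configuration, host names and function names are constructed for illustration. It assumes ssh_config's "first obtained value wins" rule and treats unset keywords as still enabled, because built-in defaults differ between versions.

```python
import fnmatch

# Constructed sample client configuration (not from the thread).
SAMPLE_CONFIG = """\
# per-host exception listed first, so it wins over the Host * block
Host legacy.example
  UsePrivilegedPort yes
Host *
  UsePrivilegedPort = no
"""

def host_matches(patterns, host):
    """Approximate ssh_config Host matching: '*'/'?' wildcards, '!' negation."""
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def effective_options(config_text, host):
    """Return {keyword: value}, keeping the first value obtained for each keyword."""
    options, active = {}, True  # lines before the first Host apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key = value"
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "host":
            active = host_matches(args, host)
        elif active and args:
            options.setdefault(key, args[0].lower())  # later values never override
    return options

def may_use_privileged_port(config_text, host):
    """True unless one of the two alternatives from the thread is in effect.

    Assumption: an unset keyword counts as enabled (defaults vary by version).
    """
    opts = effective_options(config_text, host)
    if opts.get("useprivilegedport") == "no":
        return False
    rhosts_off = all(opts.get(k) == "no"
                     for k in ("rhostsauthentication", "rhostsrsaauthentication"))
    return not rhosts_off

if __name__ == "__main__":
    for h in ("legacy.example", "other.example"):
        print(h, may_use_privileged_port(SAMPLE_CONFIG, h))
```

A host that still reports True here is one for which the setuid bit on ssh cannot yet be dropped without changing behaviour.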
sen_ml at eccosys.com
2000-Feb-14 13:42 UTC
Binding ssh to privileged port breaks rule (port < 1024 => system service)
Ola> o It breaks firewall rules that assume that user connections start at
Ola> port > 1024 or > 32768.

bad assumption on the part of the rule writer.

Ola> o It breaks monitoring software using the same assumptions.

bad assumption on the part of the software author.

Ola> o Every suid program is a separate evil (caused by the flawed security
Ola> model in most unices).

using setuid properly is hard, but setuid is not evil, imo.