Here is a patch to scp made against openssh-2.1.1p2 that adds the -L option to scp. The -L option tells scp to use nonprivilaged ports (by passing ssh the -P option). The non-free ssh's scp has this option, and it is required under some firewall setups (like mine) for scp to function. Please let me know if there are any problems with this patch, or if there is anything I can do to help get this feature into the official openssh version. -------------- next part -------------- --- openssh-2.1.1p2.orig/scp.c Thu Jun 22 06:32:32 2000 +++ openssh-2.1.1p2/scp.c Fri Jul 7 12:28:27 2000 @@ -8,6 +8,11 @@ * * 1995 Timo Rinne <tri at iki.fi>, Tatu Ylonen <ylo at cs.hut.fi> * + * Changes: + * + * 2000/7/7 Jason Spangler <jasons at usemail.com> + * Added nonprivilaged port option -L that passes -P option to SSH + * */ /* @@ -93,6 +98,9 @@ and passphrase queries are not allowed). */ int batchmode = 0; +/* This is set to non-zero if a non-privilaged port is desired. */ +int nonprivilaged_port = 0; + /* This is set to the cipher type string if given on the command line. */ char *cipher = NULL; @@ -161,6 +169,8 @@ args[i++] = "-C"; if (batchmode) args[i++] = "-oBatchMode yes"; + if (nonprivilaged_port) + args[i++] = "-P"; if (cipher != NULL) { args[i++] = "-c"; args[i++] = cipher; @@ -252,7 +262,7 @@ extern int optind; fflag = tflag = 0; - while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46")) != EOF) + while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46L")) != EOF) switch (ch) { /* User-visible flags. */ case '4': @@ -300,6 +310,9 @@ case 'q': showprogress = 0; break; + case 'L': + nonprivilaged_port = 1; + break; case '?': default: usage(); @@ -406,16 +419,18 @@ else if (!okname(suser)) continue; (void) sprintf(bp, - "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'", + "%s%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'", SSH_PROGRAM, verbose_mode ? " -v" : "", + nonprivilaged_port ? " -P" : "", suser, host, cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); } else { host = cleanhostname(argv[i]); (void) sprintf(bp, - "exec %s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'", + "exec %s%s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'", SSH_PROGRAM, verbose_mode ? " -v" : "", + nonprivilaged_port ? " -P" : "", host, cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); --- openssh-2.1.1p2.orig/scp.1 Wed Apr 12 21:26:37 2000 +++ openssh-2.1.1p2/scp.1 Fri Jul 7 12:25:32 2000 @@ -106,6 +106,14 @@ Forces .Nm to use IPv6 addresses only. +.It Fl L +Use a non-privileged port for outgoing connections. +This can be used if your firewall does +not permit connections from privileged ports. +Note that this option turns off +.Cm RhostsAuthentication +and +.Cm RhostsRSAAuthentication . .Sh AUTHORS Timo Rinne <tri at iki.fi> and Tatu Ylonen <ylo at cs.hut.fi> .Sh HISTORY --- openssh-2.1.1p2.orig/scp.0 Sat Jul 1 04:43:10 2000 +++ openssh-2.1.1p2/scp.0 Fri Jul 7 12:27:42 2000 @@ -56,6 +56,11 @@ -6 Forces scp to use IPv6 addresses only. + -L Use a non-privileged port for outgoing connections. This can be + used if your firewall does not permit connections from privileged + ports. Note that this option turns off RhostsAuthentication and + RhostsRSAAuthentication. + AUTHORS Timo Rinne <tri at iki.fi> and Tatu Ylonen <ylo at cs.hut.fi>