Apologies if this is a FAQ; I couldn't find an answer on openssh.com or
the mailing list archive....
Commercial SSH (I looked at 1.2.30) allocates privileged ports by counting
/downwards/ from 1023, so that it will obtain a socket with (roughly
speaking) the highest available privileged port number. This also appears
to be the behaviour of rsh et al:
(from sshconnect.c; whitespace elided)
for (p = 1023; p > 512; p--)
{
sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock < 0)
fatal("socket: %.100s", strerror(errno));
/* Initialize the desired sockaddr_in structure. */
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = INADDR_ANY;
sin.sin_port = htons(p);
/* Try to bind the socket to the privileged port. */
#if defined(SOCKS)
if (Rbind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
break; /* Success. */
#else /* SOCKS */
if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
break; /* Success. */
#endif /* SOCKS */
if (errno == EADDRINUSE)
{
close(sock);
continue;
}
fatal("bind: %.100s", strerror(errno));
}
The portable OpenSSH distribution appears to count /upwards/ from 600:
(from bsd-bindresvport.c; whitespace elided)
for(i = 0; i < NPORTS; i++) {
*portp = htons(port);
error = bind(sd, sa, salen);
/* Terminate on success */
if (error == 0)
break;
/* Terminate on errors, except "address already in use" */
if ((error < 0) && !((errno == EADDRINUSE) || (errno == EINVAL)))
break;
port++;
if (port > ENDPORT)
port = STARTPORT;
}
This creates problems in environments where a range of privileged ports
(those which correspond to well-known services) are firewalled out,
leaving the range from ~850 to 1023 available. From this point of view, it
would seem desirable to count downwards as stock ssh does, rather than
upwards.
What is the reasoning behind this decision?
Chris Lightfoot -- http://www.ex-parrot.com/~chris/
The meek may inherit the earth - but not its mineral rights (Getty)