The OpenSSH ssh command appears to not use a source privileged port
(no matter what the options/configs) if the target port
isn't a privileged port.
For example:
    ssh -p 22222 foo.ucla.edu
would never try to connect from a privileged port. Even with
useprivilegedport=yes. This disallows .shosts RSA host authentication
without a password.
This breaks compatibility with ssh-1.2.27 and isn't documented anywhere
except possibly in the source to the ssh_create_socket function in
sshconnect.c:
	/*
	 * If we are running as root and want to connect to a privileged
	 * port, bind our own socket to a privileged port.
	 */
	if (privileged) {
		int p = IPPORT_RESERVED - 1;
		sock = rresvport_af(&p, family);
		if (sock < 0)
			error("rresvport: af=%d %.100s", family,
			    strerror(errno));
		else
			debug("Allocated local port %d.", p);
	} else {
		/*
		 * Just create an ordinary socket on arbitrary port.  We use
		 * the user's uid to create the socket.
		 */
		temporarily_use_uid(original_real_uid);
		sock = socket(family, SOCK_STREAM, 0);
		if (sock < 0)
			error("socket: %.100s", strerror(errno));
		restore_uid();
	}
It would make more sense to me that "useprivilegedport=yes" would
result in the use of a privileged port (assuming possible) no matter
what the target port was.
Is there any real reason that the ssh target port should affect the
choice of source port?
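
Added example (not part of the original post and not OpenSSH code): a C
sketch of the two source-port policies contrasted above, plus the downward
walk through ports 1023..512 that rresvport() performs. The names
priv_current, priv_proposed and bind_reserved_port are hypothetical, and
priv_current models the behaviour only as the post describes it.

```c
#include <errno.h>
#include <netinet/in.h>   /* IPPORT_RESERVED, struct sockaddr_in */
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Behaviour described in the post: a reserved source port is used only
 * when the option is on, we are root, AND the target port is reserved. */
static int priv_current(int opt, uid_t euid, int dport) {
    return opt && euid == 0 && dport < IPPORT_RESERVED;
}

/* Behaviour the post asks for: the target port (dport) plays no part. */
static int priv_proposed(int opt, uid_t euid, int dport) {
    return opt && euid == 0;
}

/* Walk 1023 down to 512 until bind() succeeds, as rresvport() does.
 * Returns the socket and sets *port, or returns -1 with errno set. */
static int bind_reserved_port(int *port) {
    int p, saved, sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0)
        return -1;
    for (p = IPPORT_RESERVED - 1; p >= IPPORT_RESERVED / 2; p--) {
        struct sockaddr_in sa = {0};          /* address 0 = INADDR_ANY */
        sa.sin_family = AF_INET;
        sa.sin_port = htons((unsigned short)p);
        if (bind(sock, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
            *port = p;
            return sock;
        }
        if (errno != EADDRINUSE)              /* e.g. EACCES: not privileged */
            break;
    }
    saved = errno;                            /* close() must not mask the cause */
    close(sock);
    errno = saved;
    return -1;
}

int main(void) {
    int port = 0, s = bind_reserved_port(&port);
    if (s < 0)
        perror("bind_reserved_port");
    else
        printf("bound reserved source port %d\n", port);
    printf("target 22222 as root: current=%d proposed=%d\n",
        priv_current(1, 0, 22222), priv_proposed(1, 0, 22222));
    return 0;
}
```

Run without privilege, the bind normally fails with EACCES, which is why
the choice only matters when ssh runs as root.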