Roland Mainz
2023-Nov-11 13:22 UTC
OpenSSH on Windows, ssh cannot |bind()| localport to port < 1023
Hi!

----

I'm doing some testing with the ssh client OpenSSH on Windows 10 (10.0-19045) but due to firewall restrictions I need to run my experiments from a local port < 1024 (not negotiable).

I thought that this was no problem... but ssh |bind()| fails with "address in use" (yes, I checked netstat, no one is there) for any port < 1023.
Then I checked $ netstat # and $ netsh int ipv4 show excludedportrange protocol=tcp # and the same for IPv6, no one is using ports.

This *feels* like the "restricted port range" (1-1023) on UNIX/Linux, where only "root" can do a |bind()| with a local port < 1023, but this is Windows, and even as "Administrator" this still fails.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang talks about a "... well-known ports that are used by services and applications...", but I do not know where to set that (for a Cygwin process).

Does anyone know what is going on ? Is there a way around this ?

----

Bye,
Roland

--
  __ .  . __
 (o.\ \/ /.o) roland.mainz at nrubsig.org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 3992797
 (;O/ \/ \O;)
Cedric Blancher
2023-Nov-12 23:20 UTC
OpenSSH on Windows, ssh cannot |bind()| localport to port < 1023
On Sat, 11 Nov 2023 at 14:26, Roland Mainz <roland.mainz at nrubsig.org> wrote:
>
> Hi!
>
> ----
>
> I'm doing some testing with the ssh client OpenSSH on Windows 10
> (10.0-19045) but due to firewall restrictions I need to run my
> experiments from a local port < 1024 (not negotiable).
>
> I thought that this was no problem... but ssh |bind()| fails with
> "address in use" (yes, I checked netstat, no one is there) for any
> port < 1023.
> Then I checked $ netstat # and $ netsh int ipv4 show excludedportrange
> protocol=tcp # and the same for IPv6, no one is using ports.
>
> This *feels* like the "restricted port range" (1-1023) on UNIX/Linux,
> where only "root" can do a |bind()| with a local port < 1023, but this
> is Windows, and even as "Administrator" this still fails.
> https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang
> talks about a "... well-known ports that are used by services and
> applications...", but I do not know where to set that (for a Cygwin
> process).
>
> Does anyone know what is going on ? Is there a way around this ?

How can Windows sshd bind() to port 22? How do they do that, and maybe that is a solution?

Ced

--
Cedric Blancher <cedric.blancher at gmail.com>
[https://plus.google.com/u/0/+CedricBlancher/]
Institute Pasteur
Darren Tucker
2023-Nov-23 02:41 UTC
OpenSSH on Windows, ssh cannot |bind()| localport to port < 1023
On Sun, 12 Nov 2023 at 00:31, Roland Mainz <roland.mainz at nrubsig.org> wrote:
> I'm doing some testing with the ssh client OpenSSH on Windows 10
> (10.0-19045) but due to firewall restrictions I need to run my
> experiments from a local port < 1024 (not negotiable).

Do you mean "make an SSH connection from a low-numbered port"?

What version are you using? Exactly what command(s) are you running? IPv4 or v6?

As of https://github.com/openssh/openssh-portable/commit/73ddb25bae (version 7.8p1 and newer) ssh(1) just delegates the permission check to the underlying operating system and doesn't enforce anything itself.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
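
Added example, not part of any message in this thread: a small Python 3 probe that calls bind() directly on a set of local ports and reports which OS error comes back for each, so the result can be compared with what ssh reports for the same port. The function names, the port list and the loopback address are assumptions made for the illustration; the two Winsock constants are the documented values of WSAEACCES and WSAEADDRINUSE.

```python
import errno
import socket

# Documented Winsock error values; on Windows Python exposes them as exc.winerror.
WSAEACCES = 10013
WSAEADDRINUSE = 10048


def classify(exc):
    """Map the OSError raised by bind() to a coarse cause (hypothetical helper)."""
    codes = {exc.errno, getattr(exc, "winerror", None)}
    if codes & {errno.EADDRINUSE, WSAEADDRINUSE}:
        return "in-use"            # another socket already holds this address/port
    if codes & {errno.EACCES, errno.EPERM, WSAEACCES}:
        return "denied"            # the OS refused the bind for this caller
    if errno.EADDRNOTAVAIL in codes:
        return "no-such-address"   # the host address is not configured locally
    return "other"


def probe_bind(port, host="127.0.0.1"):
    """Try one bind() and return (verdict, exception-or-None)."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            return classify(exc), exc
        return "ok", None


def survey(ports, host="127.0.0.1"):
    """Probe every port in turn; the socket is closed again after each attempt."""
    return {p: probe_bind(p, host) for p in ports}


if __name__ == "__main__":
    # Constructed port list: a few ports on either side of the 1023/1024 boundary.
    for port, (verdict, exc) in survey([22, 80, 443, 1022, 1023, 1024, 1025]).items():
        detail = "" if exc is None else f"  errno={exc.errno} ({exc.strerror})"
        print(f"{port:5d}  {verdict}{detail}")
```

Running it once with host="127.0.0.1" and once with host="::1" covers the IPv4 and IPv6 cases separately.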