openssh unix dev - Nov 2023 - OpenSSH on Windows, ssh cannot |bind()| localport to port < 1023

Hi!

----

I'm doing some testing with the ssh client OpenSSH on Windows 10
(10.0-19045) but due to firewall restrictions I need to run my
experiments from a local port < 1024 (not negotiable).

I thought that this was no problem... but ssh |bind()| fails with
"address in use" (yes, I checked netstat, no one is there) for any
port < 1023.
Then I checked $ netstat # and $ netsh int ipv4 show excludedportrange
protocol=tcp # and the same for IPv6, noone is using ports.

This *feels* like the "restricted port range" (1-1023) on UNIX/Linux,
where only "root" can do a |bind()| with a local port < 1023, but
this
is Windows, and even as "Administrator" this still fails.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang
talks about a "... well-known ports that are used by services and
applications...", but I do not know where to set that (for a Cygwin
process).

Does anyone know what is going on ? Is there a way around this ?

----

Bye,
Roland
-- 
  __ .  . __
 (o.\ \/ /.o) roland.mainz at nrubsig.org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix
programmer
  /O /==\ O\  TEL +49 641 3992797
 (;O/ \/ \O;)

On Sat, 11 Nov 2023 at 14:26, Roland Mainz <roland.mainz at nrubsig.org>
wrote:
>
> Hi!
>
> ----
>
> I'm doing some testing with the ssh client OpenSSH on Windows 10
> (10.0-19045) but due to firewall restrictions I need to run my
> experiments from a local port < 1024 (not negotiable).
>
> I thought that this was no problem... but ssh |bind()| fails with
> "address in use" (yes, I checked netstat, no one is there) for
any
> port < 1023.
> Then I checked $ netstat # and $ netsh int ipv4 show excludedportrange
> protocol=tcp # and the same for IPv6, noone is using ports.
>
> This *feels* like the "restricted port range" (1-1023) on
UNIX/Linux,
> where only "root" can do a |bind()| with a local port < 1023,
but this
> is Windows, and even as "Administrator" this still fails.
>
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang
> talks about a "... well-known ports that are used by services and
> applications...", but I do not know where to set that (for a Cygwin
> process).
>
> Does anyone know what is going on ? Is there a way around this ?
How can Windows sshd bind() to port 22? How do they do that, and maybe
that is a solution?

Ced
-- 
Cedric Blancher <cedric.blancher at gmail.com>
[https://plus.google.com/u/0/+CedricBlancher/]
Institute Pasteur

On Sun, 12 Nov 2023 at 00:31, Roland Mainz <roland.mainz at nrubsig.org>
wrote:
> I'm doing some testing with the ssh client OpenSSH on Windows 10
> (10.0-19045) but due to firewall restrictions I need to run my
> experiments from a local port < 1024 (not negotiable).
Do you mean "make an SSH connection from a low-numbered port"?   What
version are you using?  Exactly what command(s) are you running?  IPv4
or v6?

As of
https://github.com/openssh/openssh-portable/commit/73ddb25bae (version
7.8p1 and newer) ssh(1) just delegates the permission check to the
underlying operating system and doesn't enforce anything itself.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.