search for: cap_net_bind

...- root privileges were needed to read the host keys for Protocol 2 hostbased authentication, but that need was replaced by the ssh-keysign setuid helper program, also in 2002. So, does anyone use these and if so why? If it's for low numbered ports, there are safer ways to do that these days (CAP_NET_BIND or similar if you have it, or a small setuid ProxyCommand). Thanks. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.