Re: opening port for SSH

On Wed, Dec 14, 2005 at 06:39:26 +0100, Bjørn Ruberg wrote:
> "Rob Sterenborg" <rob@xxxxxxxxxxxxxxx> writes:
> 
> > > And, what's the means for "binding the ssh server to a higher
> > > port"?
> > 
> > A "higher port" means a port number somewhere above 1024.  Normally
> > ssh binds to port 22/tcp (see above). In sshd_config you can tell it
> > to bind to 49152 or something.
> 
> The important thing to know about high and low ports is that on *nix
> systems, only the root user may bind a service to ports below 1024,
> while regular users can start any kind of service and make it
> available through TCP or UDP ports above and including 1024.
> 
> Because you don't want to run the risk of your SSH server being
> replaced by some shady regular-user process which will gladly pick up
> your login credentials, the smart thing is to bind services like SSH
> to ports below 1024.

In order to bind to the correct port wouldn't the existing SSHD process
need to be killed?  Or at least redirected to listen on another port so
the "shady" process could act as an intermediary.  For that to happen
wouldn't the attacker need root privileges anyway?

-- 
morals are for little people
Jenny Solzer
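The two kernel checks this thread turns on can be seen directly: an unprivileged process asking for a port below the privileged threshold gets EACCES, and any process asking for a port another socket already holds (as a running sshd holds 22) gets EADDRINUSE. The following Python is an added illustration, not code from this list or from any poster; it assumes Linux socket semantics (on Linux the threshold is the sysctl net.ipv4.ip_unprivileged_port_start, classically 1024) and only touches loopback.

```python
import errno
import os
import socket
from contextlib import closing

# Linux exposes the privileged-port threshold as a sysctl; elsewhere assume the classic 1024.
_SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"

def unprivileged_port_start():
    """Lowest port an unprivileged process may bind on this host."""
    try:
        with open(_SYSCTL) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return 1024

def running_as_root():
    """True when this process runs as the uid that may bind privileged ports."""
    return os.geteuid() == 0

def try_bind(port, host="127.0.0.1"):
    """Attempt to bind a TCP socket on host:port and report why it failed, if it did.

    Returns one of:
      "bound"              - the bind succeeded (the socket is closed again at once)
      "permission_denied"  - EACCES: privileged port and this process is not root
      "in_use"             - EADDRINUSE: some other socket already owns the port
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        try:
            s.bind((host, port))
        except PermissionError:          # EACCES is raised before the in-use check
            return "permission_denied"
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return "in_use"
            raise
    return "bound"

def probe_occupied_port():
    """Hold a listening socket on an ephemeral high port (standing in for a running sshd)
    and probe it the way a second process would. Returns (port, outcome)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as holder:
        holder.bind(("127.0.0.1", 0))    # port 0: the kernel picks a free high port
        holder.listen(1)
        port = holder.getsockname()[1]
        return port, try_bind(port)

if __name__ == "__main__":
    port, outcome = probe_occupied_port()
    print(f"high port {port} held by another socket -> {outcome}")
    low = unprivileged_port_start() - 1
    print(f"privileged port {low} as uid {os.geteuid()} -> {try_bind(low)}")
```

Run it as a regular user and again as root to see which of the two refusals disappears: the in-use refusal stays in both cases, which is Jenny's point that the existing listener has to go away first.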


