Hi.

Does anyone use UsePrivilegedPort or have ssh(1) setuid, and if so for what use case?

ssh(1) has had code in it to support installing setuid root since approximately forever, however OpenBSD has not shipped it in that configuration since 2002 (and I suspect these days no vendor does). As far as I can tell, all of the reasons for this no longer apply:

- setuid root was needed to bind to privileged (low numbered) ports.
- privileged ports were needed for rhosts and rhostsrsa authentication. rhosts is long dead, and rhostsrsa went with the last of Protocol 1.
- root privileges were needed to read the host keys for Protocol 2 hostbased authentication, but that need was replaced by the ssh-keysign setuid helper program, also in 2002.

So, does anyone use these and if so why? If it's for low numbered ports, there are safer ways to do that these days (CAP_NET_BIND or similar if you have it, or a small setuid ProxyCommand).

Thanks.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
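
The "small setuid ProxyCommand" alternative mentioned in the message, sketched as an added example (not code from the post or from OpenSSH): the helper holds root only long enough to bind a low source port, then drops privileges permanently before it parses arguments or touches the network. The name `privport-proxy`, the 512-1023 port range and the IPv4-only restriction are assumptions of this example.

```c
/* Added example: hypothetical "privport-proxy" ProxyCommand helper, not OpenSSH code. */
#define _POSIX_C_SOURCE 200112L
#include <netdb.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind fd to the first free IPv4 port in [lo, hi], scanning downward. */
int bind_in_range(int fd, int lo, int hi) {
    struct sockaddr_in sa = { .sin_family = AF_INET };
    for (int p = hi; p >= lo; p--) {
        sa.sin_port = htons((unsigned short)p);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) return p;
    }
    return -1;
}

/* Permanently return to the invoking user; fail if root can be regained. */
int drop_privs(void) {
    uid_t uid = getuid();
    if (setgid(getgid()) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && (setuid(0) == 0 || geteuid() != uid)) return -1;
    return 0;
}

/* Copy one chunk from in to out; returns 0 on EOF or error. */
static int pump(int in, int out) {
    char buf[8192];
    ssize_t n = read(in, buf, sizeof buf), off = 0, w = 0;
    for (; off < n; off += w)
        if ((w = write(out, buf + off, (size_t)(n - off))) <= 0) return 0;
    return n > 0;
}

int main(int argc, char **argv) {
    struct addrinfo hints = {0}, *ai;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int port = fd < 0 ? -1 : bind_in_range(fd, 512, 1023); /* the only privileged step */
    if (drop_privs() != 0 || port < 0 || argc != 3) return 1; /* drop before using input */
    hints.ai_family = AF_INET; hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(argv[1], argv[2], &hints, &ai) != 0 ||
        connect(fd, ai->ai_addr, ai->ai_addrlen) != 0) return 1;
    struct pollfd p[2] = {{0, POLLIN, 0}, {fd, POLLIN, 0}};
    while (poll(p, 2, -1) > 0) {  /* relay stdin/stdout <-> socket as the unprivileged user */
        if (p[0].revents && !pump(0, fd)) { shutdown(fd, SHUT_WR); p[0].fd = -1; }
        if (p[1].revents && !pump(fd, 1)) break;
    }
    return 0;
}
```

Installed setuid root at a path of your choosing, it would be referenced from ssh_config as `ProxyCommand /path/to/privport-proxy %h %p`, leaving ssh(1) itself unprivileged.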