Hi, On Fri, Jul 06, 2018 at 03:58:30PM +1000, Darren Tucker wrote: > Does anyone use UsePrivilegedPort or have ssh(1) setuid, and if so for > what use case? [..] > So, does anyone use these and if so why? If it's for low numbered > ports, there are safer ways to do that these days (CAP_NET_BIND or > similar if you have it, or a small setuid ProxyCommand). I think we have one customer connection where their firewall admin thinks "it is more secure that way" - read, we can't ssh in if we come from high ports. OTOH, thanks for the pointer with ProxyCommand - it's a very specific niche problem with a viable workaround, so I can't think of any remaining reason why we'd want suid ssh anymore ;-) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany gert@xxxxxxxxxxxxxx _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev