Re: Does anyone use UsePrivilegedPort=yes or setuid ssh(1) ?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

On Fri, Jul 06, 2018 at 03:58:30PM +1000, Darren Tucker wrote:
> Does anyone use UsePrivilegedPort or have ssh(1) setuid, and if so for
> what use case?
[..]
> So, does anyone use these and if so why?  If it's for low numbered
> ports, there are safer ways to do that these days (CAP_NET_BIND or
> similar if you have it, or a small setuid ProxyCommand).

I think we have one customer connection where their firewall admin
thinks "it is more secure that way" - read, we can't ssh in if we come
from high ports.

OTOH, thanks for the pointer with ProxyCommand - it's a very specific
niche problem with a viable workaround, so I can't think of any 
remaining reason why we'd want suid ssh anymore ;-)

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert@xxxxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux