Re: Does anyone use UsePrivilegedPort=yes or setuid ssh(1) ?

On 6 July 2018 at 17:24, Gert Doering <gert@xxxxxxxxxxxxxx> wrote:
[...]
> I think we have one customer connection where their firewall admin
> thinks "it is more secure that way" - read, we can't ssh in if we come
> from high ports.
>
> OTOH, thanks for the pointer with ProxyCommand - it's a very specific
> niche problem with a viable workaround, so I can't think of any
> remaining reason why we'd want suid ssh anymore ;-)

There's another possibility: if you have a NAT-capable packet filter
in the path you might be able to remap the source ports using source
NAT.  I think that'd be --to-source=1.2.3.4:800:1023 in iptables (not
sure about other systems, I didn't see an obvious way to do it with
PF).

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
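
A scoped version of the source-NAT remapping suggested above, as an added example that is not part of the original message: the peer address 192.0.2.10 and the helper names are assumptions, and the rule is limited to TCP port 22 toward that one peer. The port range is written in the hyphenated `addr:port-port` form that iptables(8) documents for `--to-source`.

```shell
#!/bin/sh
# Added example: source-NAT outbound SSH to one peer so it leaves from a
# privileged (<1024) source port, instead of running a setuid ssh(1).

NAT_ADDR="1.2.3.4"   # NAT address as written in the message
PEER="192.0.2.10"    # constructed: host behind the port-filtering firewall
PORT_LO=800
PORT_HI=1023

# Print the rule specification (everything after the chain name).
# Refuses any range that is not entirely inside privileged ports 1-1023.
snat_rule_spec() {
    nat_addr=$1; peer=$2; lo=$3; hi=$4
    for p in "$lo" "$hi"; do
        case "$p" in
            ''|*[!0-9]*) echo "port '$p' is not a number" >&2; return 1 ;;
        esac
    done
    if [ "$lo" -lt 1 ] || [ "$hi" -gt 1023 ] || [ "$lo" -gt "$hi" ]; then
        echo "range $lo-$hi is not within privileged ports 1-1023" >&2
        return 1
    fi
    # Match only TCP to the peer's SSH port so no other traffic is remapped.
    printf '%s' "-p tcp -d $peer --dport 22 -j SNAT --to-source $nat_addr:$lo-$hi"
}

# Install the rule once: -C checks for an identical rule before -A appends.
apply_snat() {
    spec=$(snat_rule_spec "$@") || return 1
    # shellcheck disable=SC2086  # word splitting of $spec is intended
    iptables -t nat -C POSTROUTING $spec 2>/dev/null ||
        iptables -t nat -A POSTROUTING $spec
}

# Dry run by default; set APPLY=1 (as root) to install the rule.
if [ "${APPLY:-0}" = 1 ]; then
    apply_snat "$NAT_ADDR" "$PEER" "$PORT_LO" "$PORT_HI"
else
    echo "iptables -t nat -A POSTROUTING $(snat_rule_spec "$NAT_ADDR" "$PEER" "$PORT_LO" "$PORT_HI")"
fi
```

The resulting mapping can be inspected with `iptables -t nat -S POSTROUTING` after the rule is installed.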


