On Nov 13 00:20, Cedric Blancher wrote:
> On Sat, 11 Nov 2023 at 14:26, Roland Mainz <roland.mainz@xxxxxxxxxxx> wrote:
> >
> > Hi!
> >
> > ----
> >
> > I'm doing some testing with the ssh client OpenSSH on Windows 10
> > (10.0-19045) but due to firewall restrictions I need to run my
> > experiments from a local port < 1024 (not negotiable).
> >
> > I thought that this was no problem... but ssh |bind()| fails with
> > "address in use" (yes, I checked netstat, no one is there) for any
> > port < 1023.

How do you do that? ssh -D?

> > Then I checked $ netstat # and $ netsh int ipv4 show excludedportrange
> > protocol=tcp # and the same for IPv6, no one is using ports.
> >
> > This *feels* like the "restricted port range" (1-1023) on UNIX/Linux,
> > where only "root" can do a |bind()| with a local port < 1023, but this
> > is Windows, and even as "Administrator" this still fails.
> > https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang
> > talks about a "... well-known ports that are used by services and
> > applications...", but I do not know where to set that (for a Cygwin
> > process).

This is about dynamic port binding, not about using a port below 1025
statically. The ports below 1025 are not available for dynamic port
binding, not even as a setting. But that's not what you're trying to
do anyway.

> > Does anyone know what is going on ? Is there a way around this ?
>
> How can Windows sshd bind() to port 22? How do they do that, and maybe
> that is a solution?

It just works. There is no admin-only restriction on Windows for ports
< 1024 either. If the sshd_config file and the ssh hostkeys under /etc
belong to your own non-admin account, you can simply run sshd on port 22
just for yourself on the commandline (/usr/sbin/sshd -D) and login to
your own account from another commandline.

From what you tell, you have a local problem on your machine.
It has nothing to do with the implementation of OpenSSH, nor with port
range permissions on Windows. I'd blame the firewall.

Corinna
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
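
Added example, not part of the original thread: a small bind() probe that tells "address in use" apart from "permission denied" for a set of local TCP ports, which helps separate a real port conflict from a local policy or firewall product interfering. The names `probe_bind` and `survey` and the default port list are assumptions made for this illustration.

```python
"""Probe which local TCP ports this account can bind() (added example)."""
import errno
import socket
import sys

WSAEADDRINUSE = 10048  # Winsock code for "address already in use"


def probe_bind(port, host="127.0.0.1"):
    """Try to bind a TCP socket to host:port and close it again.

    Returns 'free', 'in-use', 'denied' or 'error:<errno name>'.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        # SO_REUSEADDR is deliberately not set: a conflict with an
        # existing socket must show up as an error, not be hidden.
        try:
            s.bind((host, port))
        except PermissionError:
            return "denied"
        except OSError as exc:
            in_use = (exc.errno == errno.EADDRINUSE
                      or getattr(exc, "winerror", None) == WSAEADDRINUSE)
            if in_use:
                return "in-use"
            return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
        return "free"


def survey(ports, host="127.0.0.1"):
    """Map each port to its probe_bind() result."""
    return {p: probe_bind(p, host) for p in ports}


if __name__ == "__main__":
    # Ports from the command line, or a constructed sample: a few ports
    # below 1024 and one above for comparison.
    ports = [int(a) for a in sys.argv[1:]] or [22, 512, 1022, 1023, 2222]
    for port, result in survey(ports).items():
        print(f"{port:5d}  {result}")
```

If every port below 1024 reports the same failure while netstat shows no listener on them, the cause is local to the machine rather than a per-port conflict.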