On Thu, Feb 4, 2010 at 7:25 PM, mishler <[email protected]> wrote:
> More specifically, amrecover starts a connection from port 585 to port 10080
> on localhost of dmz-host. The ssh tunnel accepts that connection and then
> starts its own connection on the Amanda server to port 10080 to complete the
> tunnel - but this one is from an unprivileged port on localhost. I can't
> seem to get ssh to use a privileged port for the source of the server end of
> the tunnel.
...
> Does anybody know of a way to get this working without patching the source?
> It's pretty clear from the code that there are no Amanda knobs to turn off the
> privileged port check, and I'm pretty sure that OpenSSH provides no method to
> specify the source port of tunnels.

From time to time we get requests like this, to disable some troublesome part of the BSD authentication scheme. But the thing to remember is that this is basically the extent of the "authentication" these schemes do. There's no password, nothing. Just a source port number and a check of the forward and reverse DNS. So that's why there are no knobs for this.

> I'm willing to use a different authentication but I don't know that that
> would help much since I have to start a tunnel from the trusted subnet *into*
> the dmz.

I know it will sound odd, but probably the easiest to set up will be SSH auth -- *through* the SSH tunnel.

Dustin

--
Open Source Storage Engineer
http://www.zmanda.com
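
Added example, not part of the original message and not Amanda's source code: a simplified Python model of the check described in the reply (a privileged source port plus agreeing forward and reverse DNS), showing why the connection arriving through the ssh tunnel is refused. The function names, host names, addresses and the high port number are constructed for illustration.

```python
import ipaddress

IPPORT_RESERVED = 1024  # on Unix, binding a port below this requires root

def bsd_style_check(peer_ip, peer_port, reverse_lookup, forward_lookup):
    """Simplified model of a BSD-style host check; returns (accepted, detail).

    reverse_lookup(ip) -> hostname or None, forward_lookup(name) -> list of IPs.
    The lookups are injected so the example runs offline.
    """
    # 1. The only evidence of privilege is the source port of the connection.
    if peer_port >= IPPORT_RESERVED:
        return False, f"source port {peer_port} is not privileged"
    # 2. Reverse DNS must give a name...
    name = reverse_lookup(peer_ip)
    if name is None:
        return False, f"no reverse DNS for {peer_ip}"
    # 3. ...and that name must resolve forward to the same address.
    forward = {ipaddress.ip_address(a) for a in forward_lookup(name)}
    if ipaddress.ip_address(peer_ip) not in forward:
        return False, f"{name} does not resolve back to {peer_ip}"
    return True, name

# Constructed DNS data (documentation address ranges, hypothetical names).
PTR = {"127.0.0.1": "localhost", "192.0.2.10": "dmz-host.example.com",
       "198.51.100.7": "dmz-host.example.com"}  # last PTR has no matching A record
A = {"localhost": ["127.0.0.1"], "dmz-host.example.com": ["192.0.2.10"]}

def check(ip, port):
    return bsd_style_check(ip, port, PTR.get, lambda n: A.get(n, []))

if __name__ == "__main__":
    # amrecover connecting directly from port 585, as in the message.
    print(check("192.0.2.10", 585))
    # The same request arriving through the ssh tunnel: the server end of the
    # forward connects from an unprivileged port on localhost (port constructed).
    print(check("127.0.0.1", 40312))
    # A PTR record alone is not enough; the forward lookup must agree.
    print(check("198.51.100.7", 585))
```

Nothing in the model involves a secret: the decision rests entirely on the peer's port number and on DNS answers, which is the property the reply gives as the reason there is no option to relax it.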
