This explanation would make a hell of a lot more sense than
having the ftp-alike approach with "callback" connections.
But it still doesn't explain why I didn't have to open
port 1022 when I used password based authentication as
opposed to public key transforms?
Does it initiate the connection from nonprivileged ports
when doing password based auth?
FYI, I was using a non-stateful packet filter at the time,
which would explain why I had to open 1022 as opposed to
letting a plug / stateful filter handle it.
[EMAIL PROTECTED] wrote:
>
> >>>>> "Mikael" == Mikael Olsson <[EMAIL PROTECTED]> writes:
>
> Mikael> Because if you use certificate based authentication as opposed to
> Mikael> password authentication, the server connects back to you at
> Mikael> port 1022. This was at least my experience when fiddling with
> Mikael> SSH and certificates on unix boxes a long time ago.
>
> Actually, it binds a privileged port and connects to port 22. Said
> privileged port can be anything from 1023 -> 512.
>
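Added example, not from the thread or any poster: a toy Python model of the filtering behaviour discussed above, showing why a stateless rule set that only passes SSH replies to ports above 1023 blocks a session the client starts from a privileged source port (512-1023), while a stateful filter tracks it. The hosts, ports and rules are constructed for illustration.

```python
# Toy packet-filter model (constructed example, not from the thread).
# It contrasts a stateless filter with a fixed "replies to high ports only"
# rule against a stateful filter that records outbound connections.

from dataclasses import dataclass

CLIENT, SERVER = "10.0.0.5", "192.0.2.10"   # constructed addresses


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def stateless_allows(pkt, reply_low=1024):
    """Typical stateless rules: outbound to tcp/22 is allowed, and replies
    from tcp/22 are allowed only when the client port is >= reply_low."""
    if pkt.dst == SERVER and pkt.dport == 22:
        return True
    if pkt.src == SERVER and pkt.sport == 22 and pkt.dport >= reply_low:
        return True
    return False


class StatefulFilter:
    """Remembers each permitted outbound connection and lets its replies in."""
    def __init__(self):
        self.table = set()

    def allows(self, pkt):
        if pkt.dst == SERVER and pkt.dport == 22:
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # A reply is allowed only if the mirrored 4-tuple was seen outbound.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def ssh_session_ok(filter_fn, client_port):
    """True if both the client's SYN and the server's SYN/ACK pass the filter."""
    syn = Packet(CLIENT, client_port, SERVER, 22)
    syn_ack = Packet(SERVER, 22, CLIENT, client_port)
    return filter_fn(syn) and filter_fn(syn_ack)


def compare(client_port):
    """Return (stateless result, stateful result) for one client source port."""
    return (ssh_session_ok(stateless_allows, client_port),
            ssh_session_ok(StatefulFilter().allows, client_port))


if __name__ == "__main__":
    print(compare(40000))  # ephemeral client port: (True, True)
    print(compare(1022))   # privileged client port, as in the thread: (False, True)
    # Widening the stateless reply rule down to 512 is what "opening 1022" amounts to.
    print(ssh_session_ok(lambda p: stateless_allows(p, reply_low=512), 1022))  # True
```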