I noticed that sshd listens on ports 60xx in addition to port 22.  I would
assume that this is of course for x-forwarding.

If I DISABLE x11forwarding and restart SSH, it still listens on port 60xx.
Each additional incoming SSH session creates yet another listener on 60xx+1.

Does anyone know why it is creating these listeners?  If it is definitely
for X11 forwarding, and X11 forwarding is disabled via the config file, why
does it still listen on these ports?

Better yet, how is access control performed for these ports?  Does SSH check
its "allowed hosts" for incoming connections to that port?

I find the implications of this disturbing.  Running SSHD on a firewall
starts other ports listening in the 60xx range.  Worse yet, connecting to
these ports remotely doesn't log anything via syslog and who knows if
there's any way to compromise security via this port.

Has anyone else noticed this behavior?  Is this a known issue?

----------------------------------------------------------------------------
| Seann Dorand                      |  E-mail :  [EMAIL PROTECTED]      |
| Network Systems Engineer          |  Pager  :  (888) 796-2341            |
| International Network Services    |  Phone  :  (610) 313-4100            |
| 2500 Renaissance Blvd, Suite 300  |  Fax    :  (610) 313-4125            |
| King of Prussia, PA  19406        |  "The Knowledge Behind the Network"  |
----------------------------------------------------------------------------
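
An added example, not part of the original post: one way to audit the behaviour described above, listing every listening TCP socket in the 60xx range and whether it is bound to loopback, to one interface, or to all addresses. It assumes Linux `netstat -tln` column layout; the sample text, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in Linux `netstat -tln` layout (not output from the poster's host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6010            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.7:6012          0.0.0.0:*               LISTEN
tcp6       0      0 :::6013                 :::*                    LISTEN
tcp        0      0 192.0.2.7:22            198.51.100.4:6010       ESTABLISHED
"""

# The "60xx" range from the post; X11 display N is served on TCP 6000+N.
X11_PORTS = range(6000, 6100)


def classify(addr):
    """Return 'loopback', 'wildcard' or 'interface' for a local bind address."""
    if addr == "*":
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if ip.is_loopback else "interface"


def x11_listeners(netstat_text):
    """Return sorted (port, address, scope) for each LISTEN socket in the 60xx range."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the header, non-TCP rows and sockets that are not listening.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue
        # Split on the last colon so IPv6 forms such as ":::6013" parse correctly.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in X11_PORTS:
            found.append((int(port), addr, classify(addr)))
    return sorted(found)


def remotely_reachable(listeners):
    """Ports whose listener is not confined to loopback, so a filter must cover them."""
    return [port for port, _, scope in listeners if scope != "loopback"]


if __name__ == "__main__":
    for port, addr, scope in x11_listeners(SAMPLE):
        print(f"{port:5d}  {addr:<12} {scope}")
```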
