[ On Wednesday, November 15, 2000 at 15:54:07 (-0800), Carson Gaspar wrote: ]
> Subject: Re: ssh tunnelling over ssh ?
>
> Requiring a
> privileged port on the server adds _no_ security and is a bad idea. I
> added an option to turn that silly requirement off.

That's not necessarily true, at least not in all situations.

Requiring that the server listen on a privileged port helps ensure, at
least in a configuration where the hosts are truly trusted (but the
users on those hosts may not be trusted 100% -- after all they don't
have the root password), that the server process was started by a
privileged user. This applies directly to SSH and in fact could be
viewed as a critical requirement with SSH on a multi-user system.

In some scenarios where the local network wire is also trusted one can
even use the fact that the client connected from a trusted port to know
that the information passed by the client is in effect authenticated.
This also applies to SSH since it is this fact which corroborates the
authenticity of the client's host key by implying that it was done by a
privileged process capable of reading the protected host key.

None of this matters so much once the first handshake is done, or if
some other means of public key distribution is done, but for the initial
handshake under default configurations this is still somewhat important
since it's really the only assurance that the key being offered is
trustworthy.

--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
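
The server-side check the message describes, deciding whether a client's source port is privileged before giving host-based trust any weight, written out as an added example; it is not part of the original message and not code from any SSH implementation. The function names and `PRIV_PORT_LIMIT` are hypothetical, and the result only means something under the message's own assumptions (trusted hosts, trusted wire).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define PRIV_PORT_LIMIT 1024  /* hypothetical name; ports below this traditionally need root to bind */

/* 1 = source port is privileged, 0 = unprivileged, -1 = address family has no ports. */
int source_port_privileged(const struct sockaddr *sa)
{
    unsigned port;
    if (sa->sa_family == AF_INET)
        port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
    else if (sa->sa_family == AF_INET6)
        port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    else
        return -1;
    return port > 0 && port < PRIV_PORT_LIMIT;  /* ports are network byte order on the wire */
}

/* Hypothetical policy hook: may this accepted connection use host-based trust? */
int hostbased_trust_allowed(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    if (getpeername(fd, (struct sockaddr *)&ss, &len) != 0)
        return 0;  /* fail closed when the peer address is unknown */
    return source_port_privileged((const struct sockaddr *)&ss) == 1;
}

int main(void)
{
    /* Loopback demo: an ordinary client is given an ephemeral, unprivileged port. */
    struct sockaddr_in srv = { .sin_family = AF_INET };  /* port 0: kernel picks one */
    socklen_t len = sizeof srv;
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (ls < 0 || cs < 0 || bind(ls, (struct sockaddr *)&srv, sizeof srv) != 0
        || listen(ls, 1) != 0 || getsockname(ls, (struct sockaddr *)&srv, &len) != 0
        || connect(cs, (struct sockaddr *)&srv, sizeof srv) != 0) { perror("setup"); return 1; }
    int as = accept(ls, NULL, NULL);
    printf("host-based trust allowed: %d\n", as >= 0 && hostbased_trust_allowed(as));
    close(as); close(cs); close(ls);
    return 0;
}
```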