Re: [FW1] SSH
At 02:06 PM 11/5/99 +0000, Philipp Schott wrote:
>hi
>
>On Nov 4, 10:06pm, Dominik M Miklaszewski wrote:
> > Subject: Re: [FW1] SSH
> >
> > Ivan Fox wrote:
> > >
> > > When a firewall rule allows SSH coming into internal network, does it
> > > mean that it allows users to use telnet, rlogin, ftp, etc. services?
> > >
>
>it allows the users to use the 'functionality' of telnet, rlogin etc but not
>the services themselves. sshd takes care of this not telnetd etc.
>
> > no, unless you assign port 22 on the internal side for
> > rlogin/ftp/telnet.
> > I don't know what SSH clients/server you're using, but I found Unix ssh
> > initiates a connection from a port slightly less than 1024
> > (1021,1022,1023..then 1024 and so on).
> >
>
>how should this be possible if you are a normal user? only root is allowed to
>open ports <1024. if you are a normal user the port on the client side is >1024.
>and on the server side the port is 22. if you are root things might look
>different. but normally will not.

This is true. But if you look at the man page for ssh1:

    Ssh is normally installed as suid root. It needs root
    privileges only for rhosts authentication (rhosts
    authentication requires that the connection must come from a
    privileged port, and allocating such a port requires root
    privileges)....

-- Joe
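
The privileged-port behaviour discussed in this thread, as an added example that is not part of the original messages and is not code from ssh: a client that tries source ports from 1023 downward, and the server-side check that rhosts-style authentication depends on. The function names and the lower bound of 512 are assumptions chosen for this illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define RESV_HIGH 1023 /* highest privileged port */
#define RESV_LOW  512  /* lower bound assumed for this example */

/* Client side (hypothetical helper): bind a TCP socket to a privileged
 * source port, walking down from 1023. Returns the fd and stores the port,
 * or returns -1 with errno set (EACCES when the process may not bind
 * privileged ports, which is why ssh1 was installed suid root). */
int bind_reserved_port(int *port_out)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    for (int port = RESV_HIGH; port >= RESV_LOW; port--) {
        sa.sin_port = htons((unsigned short)port);
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) {
            *port_out = port;
            return fd;
        }
        if (errno != EADDRINUSE)
            break; /* e.g. EACCES: retrying other ports will not help */
    }
    int saved = (errno == EADDRINUSE) ? EAGAIN : errno;
    close(fd);
    errno = saved;
    return -1;
}

/* Server side (hypothetical helper): the source-port test rhosts
 * authentication relies on. A firewall sees the same port in the packet. */
int peer_port_is_privileged(const struct sockaddr_in *peer)
{
    int port = ntohs(peer->sin_port);
    return port > 0 && port < 1024;
}

int main(void)
{
    int port = 0, fd = bind_reserved_port(&port);
    if (fd >= 0) { printf("bound source port %d\n", port); close(fd); }
    else printf("no privileged port: %s\n", strerror(errno));
    return 0;
}
```

A firewall rule that assumes SSH clients always use source ports above 1023 will drop connections from a suid-root ssh1 client, since that client can originate from the range this loop walks.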