| From | cross@spitfire.i.gajendra.net (Dan Cross) |
|---|---|
| Newsgroups | comp.unix.programmer |
| Subject | Re: MacOS TCP port permissions |
| Date | 2026-04-18 01:56 +0000 |
| Organization | PANIX Public Access Internet and UNIX, NYC |
| Message-ID | <10ruoc8$5hh$1@reader1.panix.com> (permalink) |
| References | <10rq7hc$1b1bt$1@dont-email.me> <87tst9s4v4.fsf@kst.eternal-september.org> <10rudri$19o$1@reader1.panix.com> <87cxzxrvvl.fsf@kst.eternal-september.org> |
In article <87cxzxrvvl.fsf@kst.eternal-september.org>,
Keith Thompson <Keith.S.Thompson+u@gmail.com> wrote:
>cross@spitfire.i.gajendra.net (Dan Cross) writes:
>[...]
>> But suppose the SSH daemon is not running, and some random user
>> sets up an imposter server listening on that port. Since
>> unprivileged users can bind any port (including 22), they can do
>> so. But, since they presumably cannot read the file containing
>> the host private key, they lack the cryptographic key material
>> required to authenticate as the real server using the RFC4253
>> host authentication protocol. Clients will notice that and
>> fail to establish an SSH transport protocol connection, well
>> before user authentication is attempted, let alone a shell or
>> anything similar is executed.
>
>And *some* users will see the "WARNING: REMOTE HOST IDENTIFICATION HAS
>CHANGED!" message and blindly add the new key to their known_hosts file.

*shrug* People will do all sorts of ill-advised things. You can
lead a horse to water, but cannot make it drink.

Here's a scenario in which the whole "reserved ports" thing does
not help.

Consider cases where the `ssh` daemon would not be running. One
such case might be when the server is down for maintenance.
Here, a malicious actor might put a different machine that they
control onto the network, and configure it with the MAC and IP
addresses of the target server; they then start whatever ssh
daemon they like, as root: which they can do since it's their
machine.

	- Dan C.
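Added example, not part of the original post: a stdlib-only Python sketch of the client-side check that the message above relies on, comparing the host key a server presents against the pinned known_hosts entry (plain or hashed, default or non-default port) and reporting "match", "changed" or "unknown". The host name, salt and key blobs are constructed placeholders, and the function names are hypothetical. It covers only the pinning comparison; the signature over the exchange hash that a server lacking the private key cannot produce is not modelled.

```python
import base64, hashlib, hmac, struct

def key_blob(seed: bytes) -> bytes:
    # Constructed ssh-ed25519 public key blob in wire format; the 32 key bytes are placeholders.
    pub = hashlib.sha256(seed).digest()
    return b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", pub))

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()

def fingerprint(blob: bytes) -> str:
    # Same form ssh-keygen -l prints: unpadded base64 of SHA-256 over the key blob.
    return "SHA256:" + b64(hashlib.sha256(blob).digest()).rstrip("=")

def host_token(host: str, port: int = 22) -> str:
    # known_hosts stores non-default ports as [host]:port.
    return host if port == 22 else f"[{host}]:{port}"

def host_matches(pattern: str, token: str) -> bool:
    if pattern.startswith("|1|"):  # HashKnownHosts entry: |1|salt|HMAC-SHA1(salt, token)
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), token.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return token in pattern.split(",")  # wildcards and negation are not handled here

def check_host_key(known_hosts: str, host: str, port: int, key_type: str, presented: bytes) -> str:
    token, seen = host_token(host, port), False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines (out of scope).
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if fields[1] != key_type or not host_matches(fields[0], token):
            continue
        seen = True
        if hmac.compare_digest(base64.b64decode(fields[2]), presented):
            return "match"
    # A pinned entry exists but the key differs: the "HOST IDENTIFICATION HAS CHANGED" case.
    return "changed" if seen else "unknown"

# Constructed sample data: one plain entry on port 22, one hashed entry on port 2222.
REAL, IMPOSTER = key_blob(b"real host"), key_blob(b"imposter")
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (b64(SALT), b64(hmac.new(SALT, b"[server.example]:2222", hashlib.sha1).digest()))
KNOWN_HOSTS = f"server.example ssh-ed25519 {b64(REAL)}\n{HASHED} ssh-ed25519 {b64(REAL)}\n"

if __name__ == "__main__":
    for name, key in (("real", REAL), ("imposter", IMPOSTER)):
        print(name, fingerprint(key), check_host_key(KNOWN_HOSTS, "server.example", 22, "ssh-ed25519", key))
```

A "changed" result is the condition that should fail closed and be investigated rather than be resolved by overwriting the pinned entry.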