From: Daniel Bond
To: Doug Barton
Cc: FreeBSD Stable
Subject: Re: openssh concerns
Date: Tue, 06 Oct 2009 00:49:36 +0200
Message-id: <460A3E92-37D5-49CA-A079-EC08867B8DD4@danielbond.org>
In-reply-to: <4ACA6BE8.3000402@FreeBSD.org>
List-Id: Production branch of FreeBSD source code

Hi.

I explained my opinion quite well (imo) a bit further down in my previous email. I'm not sure what to answer. I don't necessarily think it's relevant for every computer running sshd. I see a tendency to change sshd port to 2022 and other port numbers. I'm not sure everyone doing it is aware that using unprivileged ports also has consequences, compared to (often) a few harmless log entries. I'd much rather use a privileged port, or mac_portacl(4), like mentioned earlier.

Best regards,

Daniel.

I've noticed quite a bit of suggestions to use 2022, 2222 and such

On Oct 5, 2009, at 11:58 PM, Doug Barton wrote:

> Daniel Bond wrote:
>> However, I'm concerned about the suggestion of using an
>> unprivileged port
>
> Please explain your reasoning, and how it's relevant in a world where
> the vast majority of Internet users have complete administrative
> control over the systems they use.
>
>
> Doug
>
> --
>
> This .signature sanitized for your protection