Bug 617

Summary: sshd binds to port 6010
Product: Portable OpenSSH Reporter: Tiaan Wessels <tiaan>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED INVALID    
Severity: normal    
Priority: P2    
Version: 3.6.1p2   
Hardware: ix86   
OS: Linux   

Description Tiaan Wessels 2003-07-14 20:06:57 AEST 
I use RedHat 7.2 and the SSL version which ships with this.
SSHD seams to have an annoying feature/bug which does not honour 
/etc/services. There is a program which periodically starts up on the server 
and when running, listens on a port registered in /etc/servives. However, 
when one ssh to the server, I have now witnessed sshd 'stealing' this port 
and the application fails to start up as the port is already bound. Is there 
a way of telling sshd to honour the reserved ports (man page seems not to 
give any such clues). If not, I would say it would be a welcomed enhancement 
if it could do this.
Comment 1 Darren Tucker 2003-07-14 20:33:10 AEST 
First, I assume you mean "the SSH version which ships".  You're referring to 
port forwarding?

If I'm following here you mean that sshd permits remote forwarding of otherwise 
unbound ports below port 1024?  That should only be possible if you're logging 
is as root.  The ssh man page says "Privileged ports can be forwarded only when 
logging in as root on the remote machine."

Or do you mean something else?
Comment 2 Darren Tucker 2003-07-14 21:31:27 AEST 
Further info supplied via email:
> I use ssh to access a certain machine. On this machine is installed another
> program which periodically runs and whenever it starts up, it exports
> services on port 6010 which is documented so in /etc/services on the machine.
> For some reason which I don't understand as I am not familiar with ssh well
> enough, sshd 'stole' the port 6010

Ah, OK, you should have put that in the bug report.

6010 is by default the first X11 forwarding port.

You can turn it off with "X11Forwarding no" or change the port with
"X11DisplayOffset [number]" (both in sshd_config).  The number by default
is "10" and is added to the normal X11 port (6000) to give the first X11
forwarding port.

Your best bet is probably to set "X11DisplayOffset 20".

/etc/services is not a reservation system at all, it is merely a way to
map port numbers to service names and vice versa.
Comment 3 Damien Miller 2004-04-14 12:24:19 AEST 
Mass change of RESOLVED bugs to CLOSED