[H-GEN] iptables autoblocking
Michael Anthon
mrchook at gmail.com
Fri Jul 22 01:19:54 EDT 2005
> > I use root to ssh into my linux box at home to do a port redirect
> > so I can use xchat/IRC from the office. If I were to change
> > PermitRootLogin to no, will that stop that? Sounds like it. It's
> > the only way I can use IRC from the office. I need to do it as
> > root because a "normal" user can't do port redirects.
NAUGHTY ! I can't imagine anyone else doing that...
Anyway, that aside, a normal user *can* do port redirects but they
cannot redirect privileged ports (i.e. ports <= 1024). IRC generally
runs on 6667 or so, so any user should be able to set up those
redirects.
> Why can't you log in as a normal user, and use sudo or su to root to
> achieve your task? You really don't need to actually log in as root
> to execute commands as root.
The redirect is done by ssh/sshd, not by executing a command at the
remote end so to forward privileged ports using ssh I believe you must
log in as root (although I could be proved wrong on this...)
Cheers,
Michael
More information about the General
mailing list