[H-GEN] iptables autoblocking

Michael Anthon mrchook at gmail.com
Fri Jul 22 01:19:54 EDT 2005


> > I use root to ssh into my linux box at home to do a port redirect
> > so I can use xchat/IRC from the office. If I were to change
> > PermitRootLogin to no, will that stop that?  Sounds like it. It's
> > the only way I can use IRC from the office. I need to do it as
> > root because a "normal" user can't do port redirects.

NAUGHTY! I can't imagine anyone else doing that...

Anyway, that aside, a normal user *can* do port redirects but they
cannot redirect privileged ports (i.e. ports <= 1024).  IRC generally
runs on 6667 or so, so any user should be able to set up those
redirects.

> Why can't you log in as a normal user, and use sudo or su to root to
> achieve your task?  You really don't need to actually log in as root
> to execute commands as root.

The redirect is done by ssh/sshd, not by executing a command at the
remote end, so to forward privileged ports using ssh I believe you must
log in as root (although I could be proved wrong on this...)

Cheers,
Michael



