I'd like to accept connections briefly for development when I'm NATed, and so I'm attempting to do this:
$ ssh ubuntu@example.org -R 80:localhost:80
Which fails as I'm trying to bind a port that is too low:
Warning: remote port forwarding failed for listen port 80
So I've discovered that I can do setcap 'cap_net_bind_service=+ep' /my/application
to allow it to listen to ports lower than 1024. So I've got this in my sudoers crontab:
@reboot setcap 'cap_net_bind_service=+ep' /usr/sbin/sshd
But it's still not letting me bind on port 80. What am I doing wrong? I'm just going to use nginx to proxy to 8080 or iptables or something instead, but I'm still curious why what I was trying to do didn't work.
Best Answer
OpenSSH will flat-out refuse to bind to privileged ports unless the user id of the logged in user is 0 (root). The relevant lines of code are:
Source: http://www.openssh.com/cgi-bin/cvsweb/src/usr.bin/ssh/serverloop.c?annotate=1.162 lines 1092-1098
If you're curious, pw is of type struct passwd * and on Linux is defined in /usr/include/pwd.h
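A small model of the check the answer describes, added here as an illustration; it is not the OpenSSH source. `remote_forward_permitted` and `make_user` are hypothetical names, and the sample accounts are constructed.

```c
#include <netinet/in.h>  /* IPPORT_RESERVED: first non-privileged port (1024) */
#include <pwd.h>         /* struct passwd, with the pw_uid field */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper modelling the answer's description: the decision uses
 * only the requested port and the uid of the logged-in user, so a file
 * capability set on the sshd binary cannot change the outcome. */
static int remote_forward_permitted(const struct passwd *pw, int listen_port)
{
    if (pw == NULL || listen_port < 0 || listen_port > 65535)
        return 0;
    /* Port 0 asks the server to pick a port, so it is never privileged. */
    if (listen_port != 0 && listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
        return 0;
    return 1;
}

/* Constructed sample account; nothing is read from /etc/passwd. */
static struct passwd make_user(char *name, uid_t uid)
{
    struct passwd pw;
    memset(&pw, 0, sizeof pw);
    pw.pw_name = name;
    pw.pw_uid = uid;
    return pw;
}

int main(void)
{
    char n1[] = "ubuntu", n2[] = "root";
    struct passwd users[] = { make_user(n1, 1000), make_user(n2, 0) };
    int ports[] = { 80, 1023, 1024, 8080 };

    for (size_t u = 0; u < sizeof users / sizeof users[0]; u++)
        for (size_t p = 0; p < sizeof ports / sizeof ports[0]; p++)
            printf("%-6s (uid %lu) -R %d:localhost:80 -> %s\n",
                   users[u].pw_name, (unsigned long)users[u].pw_uid, ports[p],
                   remote_forward_permitted(&users[u], ports[p])
                       ? "permitted" : "refused");
    return 0;
}
```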