How can I set up a remote port forward on port 80 to my localhost with the help of setcap?

I'd like to accept connections briefly for development when I'm NATed, and so I'm attempting to do this: $ ssh ubuntu@example.org -R 80:localhost:80 Which fails as I'm trying to bind a port that is to low: Warning: remote port forwarding failed for listen port 80 So I've discovered that I can do setcap 'cap_net_bind_service=+ep' /my/application to allow it to listen to ports lower than 1024. So I've got this in my suders crontab: @reboot setcap 'cap_net_bind_service=+ep' /usr/sbin/sshd But it's still not letting me bind on port 80. What am I doing wrong? I'm just going to use nginx to proxy to 8080 or iptables or something instead, but I'm still curious why what I was trying to do didn't work.