- reyk@cvs.openbsd.org 2005/12/06 22:38:28

[auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
author: Damien Miller <djm@mindrot.org> 2005-12-13 19:29:02 +1100
committer: Damien Miller <djm@mindrot.org> 2005-12-13 19:29:02 +1100
commit: d27b947178df3689bfb7fdfb62a5f1337ef73481 (patch)
tree: c8678325c355b3602bdabca16da1baa8707818eb /ssh.1
parent: 6dbdb6afeec1820b2799c2693fc8e8b364be8228 (diff)
1 files changed, 19 insertions, 1 deletions
diff --git a/ssh.1 b/ssh.1
index dd97a8995..8a55c2f64 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.214 2005/11/30 11:45:20 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.215 2005/12/06 22:38:27 reyk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -77,6 +77,7 @@
 .Sm on
 .Oc
 .Op Fl S Ar ctl_path
+.Op Fl w Ar tunnel : tunnel
 .Oo Ar user Ns @ Oc Ns Ar hostname
 .Op Ar command
 .Sh DESCRIPTION
@@ -301,6 +302,12 @@ options (see below).
 It also allows the cancellation of existing remote port-forwardings
 using
 .Fl KR Ar hostport .
+The 
+.Ic ! Ar command
+allows the user to execute a local command if the
+.Ic PermitLocalCommand
+option is enabled in
+.Xr ssh_config 5 .
 Basic help is available, using the
 .Fl h
 option.
@@ -747,12 +754,14 @@ For full details of the options listed below, and their possible values, see
 .It IdentityFile
 .It IdentitiesOnly
 .It KbdInteractiveDevices
+.It LocalCommand
 .It LocalForward
 .It LogLevel
 .It MACs
 .It NoHostAuthenticationForLocalhost
 .It NumberOfPasswordPrompts
 .It PasswordAuthentication
+.It PermitLocalCommand
 .It Port
 .It PreferredAuthentications
 .It Protocol
@@ -767,6 +776,8 @@ For full details of the options listed below, and their possible values, see
 .It SmartcardDevice
 .It StrictHostKeyChecking
 .It TCPKeepAlive
+.It Tunnel
+.It TunnelDevice
 .It UsePrivilegedPort
 .It User
 .It UserKnownHostsFile
@@ -866,6 +877,13 @@ Multiple
 .Fl v
 options increase the verbosity.
 The maximum is 3.
+.It Fl w
+Requests a
+.Xr tun 4
+device on the client and server like the
+.Cm Tunnel
+directive in
+.Xr ssh_config 5 .
 .It Fl X
 Enables X11 forwarding.
 This can also be specified on a per-host basis in a configuration file.
author	Damien Miller <djm@mindrot.org>	2005-12-13 19:29:02 +1100
committer	Damien Miller <djm@mindrot.org>	2005-12-13 19:29:02 +1100
commit	d27b947178df3689bfb7fdfb62a5f1337ef73481 (patch)
tree	c8678325c355b3602bdabca16da1baa8707818eb /ssh.1
parent	6dbdb6afeec1820b2799c2693fc8e8b364be8228 (diff)

diff --git a/ssh.1 b/ssh.1 index dd97a8995..8a55c2f64 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.214 2005/11/30 11:45:20 jmc Exp $	37	.\" $OpenBSD: ssh.1,v 1.215 2005/12/06 22:38:27 reyk Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -77,6 +77,7 @@
77	.Sm on	77	.Sm on
78	.Oc	78	.Oc
79	.Op Fl S Ar ctl_path	79	.Op Fl S Ar ctl_path
		80	.Op Fl w Ar tunnel : tunnel
80	.Oo Ar user Ns @ Oc Ns Ar hostname	81	.Oo Ar user Ns @ Oc Ns Ar hostname
81	.Op Ar command	82	.Op Ar command
82	.Sh DESCRIPTION	83	.Sh DESCRIPTION
@@ -301,6 +302,12 @@ options (see below).
301	It also allows the cancellation of existing remote port-forwardings	302	It also allows the cancellation of existing remote port-forwardings
302	using	303	using
303	.Fl KR Ar hostport .	304	.Fl KR Ar hostport .
		305	The
		306	.Ic ! Ar command
		307	allows the user to execute a local command if the
		308	.Ic PermitLocalCommand
		309	option is enabled in
		310	.Xr ssh_config 5 .
304	Basic help is available, using the	311	Basic help is available, using the
305	.Fl h	312	.Fl h
306	option.	313	option.
@@ -747,12 +754,14 @@ For full details of the options listed below, and their possible values, see
747	.It IdentityFile	754	.It IdentityFile
748	.It IdentitiesOnly	755	.It IdentitiesOnly
749	.It KbdInteractiveDevices	756	.It KbdInteractiveDevices
		757	.It LocalCommand
750	.It LocalForward	758	.It LocalForward
751	.It LogLevel	759	.It LogLevel
752	.It MACs	760	.It MACs
753	.It NoHostAuthenticationForLocalhost	761	.It NoHostAuthenticationForLocalhost
754	.It NumberOfPasswordPrompts	762	.It NumberOfPasswordPrompts
755	.It PasswordAuthentication	763	.It PasswordAuthentication
		764	.It PermitLocalCommand
756	.It Port	765	.It Port
757	.It PreferredAuthentications	766	.It PreferredAuthentications
758	.It Protocol	767	.It Protocol
@@ -767,6 +776,8 @@ For full details of the options listed below, and their possible values, see
767	.It SmartcardDevice	776	.It SmartcardDevice
768	.It StrictHostKeyChecking	777	.It StrictHostKeyChecking
769	.It TCPKeepAlive	778	.It TCPKeepAlive
		779	.It Tunnel
		780	.It TunnelDevice
770	.It UsePrivilegedPort	781	.It UsePrivilegedPort
771	.It User	782	.It User
772	.It UserKnownHostsFile	783	.It UserKnownHostsFile
@@ -866,6 +877,13 @@ Multiple
866	.Fl v	877	.Fl v
867	options increase the verbosity.	878	options increase the verbosity.
868	The maximum is 3.	879	The maximum is 3.
		880	.It Fl w
		881	Requests a
		882	.Xr tun 4
		883	device on the client and server like the
		884	.Cm Tunnel
		885	directive in
		886	.Xr ssh_config 5 .
869	.It Fl X	887	.It Fl X
870	Enables X11 forwarding.	888	Enables X11 forwarding.
871	This can also be specified on a per-host basis in a configuration file.	889	This can also be specified on a per-host basis in a configuration file.