upstream: benno helped me clean up the tcp forwarding section;

OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08
author: jmc@openbsd.org <jmc@openbsd.org> 2019-03-16 19:14:21 +0000
committer: Damien Miller <djm@mindrot.org> 2019-03-26 10:20:22 +1100
commit: 1b1332b5bb975d759a50b37f0e8bc8cfb07a0bb0 (patch)
tree: 24c47f2157f92eddafe53d5cd4c161e15d268255 /ssh.1
parent: 2aee9a49f668092ac5c9d34e904ef7a9722e541d (diff)
1 files changed, 18 insertions, 32 deletions
diff --git a/ssh.1 b/ssh.1
index 41937c61a..9480eba8d 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.401 2019/03/05 16:17:12 naddy Exp $
+.\" $OpenBSD: ssh.1,v 1.402 2019/03/16 19:14:21 jmc Exp $
-.Dd $Mdocdate: March 5 2019 $
+.Dd $Mdocdate: March 16 2019 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -1090,49 +1090,35 @@ Increase the verbosity
 when errors are being written to stderr.
 .El
 .Sh TCP FORWARDING
-Forwarding of arbitrary TCP connections over the secure channel can
+Forwarding of arbitrary TCP connections over a secure channel
-be specified either on the command line or in a configuration file.
+can be specified either on the command line or in a configuration file.
 One possible application of TCP forwarding is a secure connection to a
 mail server; another is going through firewalls.
 .Pp
-In the example below, we look at encrypting communication between
+In the example below, we look at encrypting communication for an IRC client,
-an IRC client and server, even though the IRC server does not directly
+even though the IRC server it connects to does not directly
-support encrypted communications.
+support encrypted communication.
 This works as follows:
 the user connects to the remote host using
 .Nm ,
-specifying a port to be used to forward connections
+specifying the ports to be used to forward the connection.
-to the remote server.
+After that it is possible to start the program locally,
-After that it is possible to start the service which is to be encrypted
-on the client machine,
-connecting to the same local port,
 and
 .Nm
-will encrypt and forward the connection.
+will encrypt and forward the connection to the remote server.
 .Pp
-The following example tunnels an IRC session from client machine
+The following example tunnels an IRC session from the client
-.Dq 127.0.0.1
+to an IRC server at
-(localhost)
-to remote server
-.Dq server.example.com :
-.Bd -literal -offset 4n
-$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
-$ irc -c '#users' -p 1234 pinky 127.0.0.1
-.Ed
-.Pp
-This tunnels a connection to IRC server
 .Dq server.example.com ,
 joining channel
 .Dq #users ,
 nickname
 .Dq pinky ,
-using port 1234.
+using the standard IRC port, 6667:
-It doesn't matter which port is used,
+.Bd -literal -offset 4n
-as long as it's greater than 1023
+$ ssh -f -L 6667:localhost:6667 server.example.com sleep 10
-(remember, only root can open sockets on privileged ports)
+$ irc -c '#users' pinky IRC/127.0.0.1
-and doesn't conflict with any ports already in use.
+.Ed
-The connection is forwarded to port 6667 on the remote server,
-since that's the standard port for IRC services.
 .Pp
 The
 .Fl f
@@ -1142,7 +1128,7 @@ and the remote command
 .Dq sleep 10
 is specified to allow an amount of time
 (10 seconds, in the example)
-to start the service which is to be tunnelled.
+to start the program which is going to use the tunnel.
 If no connections are made within the time specified,
 .Nm
 will exit.
author	jmc@openbsd.org <jmc@openbsd.org>	2019-03-16 19:14:21 +0000
committer	Damien Miller <djm@mindrot.org>	2019-03-26 10:20:22 +1100
commit	1b1332b5bb975d759a50b37f0e8bc8cfb07a0bb0 (patch)
tree	24c47f2157f92eddafe53d5cd4c161e15d268255 /ssh.1
parent	2aee9a49f668092ac5c9d34e904ef7a9722e541d (diff)

diff --git a/ssh.1 b/ssh.1 index 41937c61a..9480eba8d 100644 --- a/ssh.1 +++ b/ssh.1
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh.1,v 1.401 2019/03/05 16:17:12 naddy Exp $	36	.\" $OpenBSD: ssh.1,v 1.402 2019/03/16 19:14:21 jmc Exp $
37	.Dd $Mdocdate: March 5 2019 $	37	.Dd $Mdocdate: March 16 2019 $
38	.Dt SSH 1	38	.Dt SSH 1
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -1090,49 +1090,35 @@ Increase the verbosity
1090	when errors are being written to stderr.	1090	when errors are being written to stderr.
1091	.El	1091	.El
1092	.Sh TCP FORWARDING	1092	.Sh TCP FORWARDING
1093	Forwarding of arbitrary TCP connections over the secure channel can	1093	Forwarding of arbitrary TCP connections over a secure channel
1094	be specified either on the command line or in a configuration file.	1094	can be specified either on the command line or in a configuration file.
1095	One possible application of TCP forwarding is a secure connection to a	1095	One possible application of TCP forwarding is a secure connection to a
1096	mail server; another is going through firewalls.	1096	mail server; another is going through firewalls.
1097	.Pp	1097	.Pp
1098	In the example below, we look at encrypting communication between	1098	In the example below, we look at encrypting communication for an IRC client,
1099	an IRC client and server, even though the IRC server does not directly	1099	even though the IRC server it connects to does not directly
1100	support encrypted communications.	1100	support encrypted communication.
1101	This works as follows:	1101	This works as follows:
1102	the user connects to the remote host using	1102	the user connects to the remote host using
1103	.Nm ,	1103	.Nm ,
1104	specifying a port to be used to forward connections	1104	specifying the ports to be used to forward the connection.
1105	to the remote server.	1105	After that it is possible to start the program locally,
1106	After that it is possible to start the service which is to be encrypted
1107	on the client machine,
1108	connecting to the same local port,
1109	and	1106	and
1110	.Nm	1107	.Nm
1111	will encrypt and forward the connection.	1108	will encrypt and forward the connection to the remote server.
1112	.Pp	1109	.Pp
1113	The following example tunnels an IRC session from client machine	1110	The following example tunnels an IRC session from the client
1114	.Dq 127.0.0.1	1111	to an IRC server at
1115	(localhost)
1116	to remote server
1117	.Dq server.example.com :
1118	.Bd -literal -offset 4n
1119	$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
1120	$ irc -c '#users' -p 1234 pinky 127.0.0.1
1121	.Ed
1122	.Pp
1123	This tunnels a connection to IRC server
1124	.Dq server.example.com ,	1112	.Dq server.example.com ,
1125	joining channel	1113	joining channel
1126	.Dq #users ,	1114	.Dq #users ,
1127	nickname	1115	nickname
1128	.Dq pinky ,	1116	.Dq pinky ,
1129	using port 1234.	1117	using the standard IRC port, 6667:
1130	It doesn't matter which port is used,	1118	.Bd -literal -offset 4n
1131	as long as it's greater than 1023	1119	$ ssh -f -L 6667:localhost:6667 server.example.com sleep 10
1132	(remember, only root can open sockets on privileged ports)	1120	$ irc -c '#users' pinky IRC/127.0.0.1
1133	and doesn't conflict with any ports already in use.	1121	.Ed
1134	The connection is forwarded to port 6667 on the remote server,
1135	since that's the standard port for IRC services.
1136	.Pp	1122	.Pp
1137	The	1123	The
1138	.Fl f	1124	.Fl f
@@ -1142,7 +1128,7 @@ and the remote command
1142	.Dq sleep 10	1128	.Dq sleep 10
1143	is specified to allow an amount of time	1129	is specified to allow an amount of time
1144	(10 seconds, in the example)	1130	(10 seconds, in the example)
1145	to start the service which is to be tunnelled.	1131	to start the program which is going to use the tunnel.
1146	If no connections are made within the time specified,	1132	If no connections are made within the time specified,
1147	.Nm	1133	.Nm
1148	will exit.	1134	will exit.