summaryrefslogtreecommitdiff
path: root/ssh.1
diff options
context:
space:
mode:
authormarkus@openbsd.org <markus@openbsd.org>2017-09-21 19:16:53 +0000
committerDamien Miller <djm@mindrot.org>2017-09-22 09:14:53 +1000
commit609d7a66ce578abf259da2d5f6f68795c2bda731 (patch)
treefa0c5a5d6f04f69a6cd15bd4d3954412c4a1480c /ssh.1
parent36945fa103176c00b39731e1fc1919a0d0808b81 (diff)
upstream commit
Add 'reverse' dynamic forwarding which combines dynamic forwarding (-D) with remote forwarding (-R) where the remote-forwarded port expects SOCKS-requests. The SSH server code is unchanged and the parsing happens at the SSH clients side. Thus the full SOCKS-request is sent over the forwarded channel and the client parses c->output. Parsing happens in channel_before_prepare_select(), _before_ the select bitmask is computed in the pre[] handlers, but after network input processing in the post[] handlers. help and ok djm@ Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
Diffstat (limited to 'ssh.1')
-rw-r--r--ssh.121
1 files changed, 15 insertions, 6 deletions
diff --git a/ssh.1 b/ssh.1
index 3aacec415..2ab1697f9 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh.1,v 1.383 2017/06/09 06:43:01 djm Exp $ 36.\" $OpenBSD: ssh.1,v 1.384 2017/09/21 19:16:53 markus Exp $
37.Dd $Mdocdate: June 9 2017 $ 37.Dd $Mdocdate: September 21 2017 $
38.Dt SSH 1 38.Dt SSH 1
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -592,21 +592,30 @@ Causes most warning and diagnostic messages to be suppressed.
592.Ar remote_socket : local_socket 592.Ar remote_socket : local_socket
593.Sm on 593.Sm on
594.Xc 594.Xc
595.It Fl R Xo
596.Sm off
597.Oo Ar bind_address : Oc
598.Ar port
599.Sm on
600.Xc
595Specifies that connections to the given TCP port or Unix socket on the remote 601Specifies that connections to the given TCP port or Unix socket on the remote
596(server) host are to be forwarded to the given host and port, or Unix socket, 602(server) host are to be forwarded to the local side.
597on the local side. 603.Pp
598This works by allocating a socket to listen to either a TCP 604This works by allocating a socket to listen to either a TCP
599.Ar port 605.Ar port
600or to a Unix socket on the remote side. 606or to a Unix socket on the remote side.
601Whenever a connection is made to this port or Unix socket, the 607Whenever a connection is made to this port or Unix socket, the
602connection is forwarded over the secure channel, and a connection 608connection is forwarded over the secure channel, and a connection
603is made to either 609is made from the local machine to either an explicit destination specified by
604.Ar host 610.Ar host
605port 611port
606.Ar hostport , 612.Ar hostport ,
607or 613or
608.Ar local_socket , 614.Ar local_socket ,
609from the local machine. 615or, if no explicit destination was specified,
616.Nm
617will act as a SOCKS 4/5 proxy and forward connections to the destinations
618requested by the remote SOCKS client.
610.Pp 619.Pp
611Port forwardings can also be specified in the configuration file. 620Port forwardings can also be specified in the configuration file.
612Privileged ports can be forwarded only when 621Privileged ports can be forwarded only when