author | markus@openbsd.org <markus@openbsd.org> | 2017-09-21 19:16:53 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-09-22 09:14:53 +1000 |
commit | 609d7a66ce578abf259da2d5f6f68795c2bda731 (patch) | |
tree | fa0c5a5d6f04f69a6cd15bd4d3954412c4a1480c /ssh.1 | |
parent | 36945fa103176c00b39731e1fc1919a0d0808b81 (diff) |
upstream commit
Add 'reverse' dynamic forwarding which combines dynamic
forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
expects SOCKS-requests.
The SSH server code is unchanged and the parsing happens at the SSH
client's side. Thus the full SOCKS-request is sent over the forwarded
channel and the client parses c->output. Parsing happens in
channel_before_prepare_select(), _before_ the select bitmask is
computed in the pre[] handlers, but after network input processing
in the post[] handlers.
help and ok djm@
Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 21 |
1 files changed, 15 insertions, 6 deletions
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.383 2017/06/09 06:43:01 djm Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.384 2017/09/21 19:16:53 markus Exp $ |
37 | .Dd $Mdocdate: June 9 2017 $ | 37 | .Dd $Mdocdate: September 21 2017 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -592,21 +592,30 @@ Causes most warning and diagnostic messages to be suppressed. | |||
592 | .Ar remote_socket : local_socket | 592 | .Ar remote_socket : local_socket |
593 | .Sm on | 593 | .Sm on |
594 | .Xc | 594 | .Xc |
595 | .It Fl R Xo | ||
596 | .Sm off | ||
597 | .Oo Ar bind_address : Oc | ||
598 | .Ar port | ||
599 | .Sm on | ||
600 | .Xc | ||
595 | Specifies that connections to the given TCP port or Unix socket on the remote | 601 | Specifies that connections to the given TCP port or Unix socket on the remote |
596 | (server) host are to be forwarded to the given host and port, or Unix socket, | 602 | (server) host are to be forwarded to the local side. |
597 | on the local side. | 603 | .Pp |
598 | This works by allocating a socket to listen to either a TCP | 604 | This works by allocating a socket to listen to either a TCP |
599 | .Ar port | 605 | .Ar port |
600 | or to a Unix socket on the remote side. | 606 | or to a Unix socket on the remote side. |
601 | Whenever a connection is made to this port or Unix socket, the | 607 | Whenever a connection is made to this port or Unix socket, the |
602 | connection is forwarded over the secure channel, and a connection | 608 | connection is forwarded over the secure channel, and a connection |
603 | is made to either | 609 | is made from the local machine to either an explicit destination specified by |
604 | .Ar host | 610 | .Ar host |
605 | port | 611 | port |
606 | .Ar hostport , | 612 | .Ar hostport , |
607 | or | 613 | or |
608 | .Ar local_socket , | 614 | .Ar local_socket , |
609 | from the local machine. | 615 | or, if no explicit destination was specified, |
616 | .Nm | ||
617 | will act as a SOCKS 4/5 proxy and forward connections to the destinations | ||
618 | requested by the remote SOCKS client. | ||
610 | .Pp | 619 | .Pp |
611 | Port forwardings can also be specified in the configuration file. | 620 | Port forwardings can also be specified in the configuration file. |
612 | Privileged ports can be forwarded only when | 621 | Privileged ports can be forwarded only when |
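Review bot: the new closing sentence of the -R description ("will act as a SOCKS 4/5 proxy and forward connections to the destinations requested by the remote SOCKS client") does not tell the reader that in this form the destination is chosen by whoever connects to the remote listening port, not by the user who ran ssh. With an explicit host and hostport the target is fixed on the command line; without one, any client able to reach the remote port can have connections opened from the local machine to addresses the local machine can reach. I would add a sentence stating that, and point the reader at the optional bind_address shown in the new ".It Fl R" synopsis form as the place to restrict where the listener is exposed. A smaller style point in the same sentence: "to either an explicit destination ... or ... or, if no explicit destination was specified" chains three alternatives after "either"; putting the SOCKS case in its own sentence would read more cleanly.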