diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-07-15 00:24:30 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-07-15 14:20:10 +1000 |
| commit | ed877ef653847d056bb433975d731b7a1132a979 (patch) | |
| tree | 855230b944a0fc2eebdaa4c037f911e28ff21e17 /ssh.1 | |
| parent | 5c02dd126206a26785379e80f2d3848e4470b711 (diff) | |
upstream commit
Add a ProxyJump ssh_config(5) option and corresponding -J
ssh(1) command-line flag to allow simplified indirection through a SSH
bastion or "jump host".
These options construct a proxy command that connects to the
specified jump host(s) (more than one may be specified) and uses
port-forwarding to establish a connection to the next destination.
This codifies the safest way of indirecting connections through SSH
servers and makes it easy to use.
ok markus@
Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
Diffstat (limited to 'ssh.1')
| -rw-r--r-- | ssh.1 | 24 |
1 files changed, 22 insertions, 2 deletions
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: ssh.1,v 1.374 2016/06/29 17:14:28 jmc Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.375 2016/07/15 00:24:30 djm Exp $ |
| 37 | .Dd $Mdocdate: June 29 2016 $ | 37 | .Dd $Mdocdate: July 15 2016 $ |
| 38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -52,6 +52,7 @@ | |||
| 52 | .Op Fl F Ar configfile | 52 | .Op Fl F Ar configfile |
| 53 | .Op Fl I Ar pkcs11 | 53 | .Op Fl I Ar pkcs11 |
| 54 | .Op Fl i Ar identity_file | 54 | .Op Fl i Ar identity_file |
| 55 | .Oo Fl J Ar user Ns @ Oc Ns Ar host Ns Op : Ns Ar port | ||
| 55 | .Op Fl L Ar address | 56 | .Op Fl L Ar address |
| 56 | .Op Fl l Ar login_name | 57 | .Op Fl l Ar login_name |
| 57 | .Op Fl m Ar mac_spec | 58 | .Op Fl m Ar mac_spec |
| @@ -312,6 +313,24 @@ by appending | |||
| 312 | .Pa -cert.pub | 313 | .Pa -cert.pub |
| 313 | to identity filenames. | 314 | to identity filenames. |
| 314 | .Pp | 315 | .Pp |
| 316 | .It Fl J Xo | ||
| 317 | .Sm off | ||
| 318 | .Oo Ar jump_user @ Oc | ||
| 319 | .Ar jump_host | ||
| 320 | .Ns Op : Ns Ar jump_port | ||
| 321 | .Sm on | ||
| 322 | .Xc | ||
| 323 | Connect to the target host by first making a | ||
| 324 | .Nm | ||
| 325 | connection to | ||
| 326 | .Ar jump_host | ||
| 327 | and then establishing a TCP forward to the ultimate destination from | ||
| 328 | there. | ||
| 329 | Multiple jump hops may be specified separated by comma characters. | ||
| 330 | This is a shortcut to specify a | ||
| 331 | .Cm ProxyJump | ||
| 332 | configuration directive. | ||
| 333 | .Pp | ||
| 315 | .It Fl K | 334 | .It Fl K |
| 316 | Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI | 335 | Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI |
| 317 | credentials to the server. | 336 | credentials to the server. |
| @@ -523,6 +542,7 @@ For full details of the options listed below, and their possible values, see | |||
| 523 | .It PreferredAuthentications | 542 | .It PreferredAuthentications |
| 524 | .It Protocol | 543 | .It Protocol |
| 525 | .It ProxyCommand | 544 | .It ProxyCommand |
| 545 | .It ProxyJump | ||
| 526 | .It ProxyUseFdpass | 546 | .It ProxyUseFdpass |
| 527 | .It PubkeyAcceptedKeyTypes | 547 | .It PubkeyAcceptedKeyTypes |
| 528 | .It PubkeyAuthentication | 548 | .It PubkeyAuthentication |