diff options
author | dtucker@openbsd.org <dtucker@openbsd.org> | 2020-04-10 00:52:07 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2020-04-10 11:47:19 +1000 |
commit | 990687a0336098566c3a854d23cce74a31ec6fe2 (patch) | |
tree | 2d32e3b853cacabf9bd489882b830d0e4f38f039 /ssh_config.5 | |
parent | 2b13d3934d5803703c04803ca3a93078ecb5b715 (diff) |
upstream: Add TOKEN percent expansion to LocalFoward and RemoteForward
when used for Unix domain socket forwarding. Factor out the code for the
config keywords that use the most common subset of TOKENS into its own
function. bz#3014, ok jmc@ (man page bits) djm@
OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 9d89c13aa..7bbc76aa3 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.323 2020/04/03 02:27:12 dtucker Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.324 2020/04/10 00:52:07 dtucker Exp $ |
37 | .Dd $Mdocdate: April 3 2020 $ | 37 | .Dd $Mdocdate: April 10 2020 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -1125,12 +1125,15 @@ has been enabled. | |||
1125 | .It Cm LocalForward | 1125 | .It Cm LocalForward |
1126 | Specifies that a TCP port on the local machine be forwarded over | 1126 | Specifies that a TCP port on the local machine be forwarded over |
1127 | the secure channel to the specified host and port from the remote machine. | 1127 | the secure channel to the specified host and port from the remote machine. |
1128 | The first argument must be | 1128 | The first argument specifies the listener and may be |
1129 | .Sm off | 1129 | .Sm off |
1130 | .Oo Ar bind_address : Oc Ar port | 1130 | .Oo Ar bind_address : Oc Ar port |
1131 | .Sm on | 1131 | .Sm on |
1132 | and the second argument must be | 1132 | or a Unix domain socket path. |
1133 | .Ar host : Ns Ar hostport . | 1133 | The second argument is the destination and may be |
1134 | .Ar host : Ns Ar hostport | ||
1135 | or a Unix domain socket path if the remote host supports it. | ||
1136 | .Pp | ||
1134 | IPv6 addresses can be specified by enclosing addresses in square brackets. | 1137 | IPv6 addresses can be specified by enclosing addresses in square brackets. |
1135 | Multiple forwardings may be specified, and additional forwardings can be | 1138 | Multiple forwardings may be specified, and additional forwardings can be |
1136 | given on the command line. | 1139 | given on the command line. |
@@ -1149,6 +1152,9 @@ indicates that the listening port be bound for local use only, while an | |||
1149 | empty address or | 1152 | empty address or |
1150 | .Sq * | 1153 | .Sq * |
1151 | indicates that the port should be available from all interfaces. | 1154 | indicates that the port should be available from all interfaces. |
1155 | Unix domain socket paths accept the tokens described in the | ||
1156 | .Sx TOKENS | ||
1157 | section. | ||
1152 | .It Cm LogLevel | 1158 | .It Cm LogLevel |
1153 | Gives the verbosity level that is used when logging messages from | 1159 | Gives the verbosity level that is used when logging messages from |
1154 | .Xr ssh 1 . | 1160 | .Xr ssh 1 . |
@@ -1401,12 +1407,14 @@ the secure channel. | |||
1401 | The remote port may either be forwarded to a specified host and port | 1407 | The remote port may either be forwarded to a specified host and port |
1402 | from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote | 1408 | from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote |
1403 | client to connect to arbitrary destinations from the local machine. | 1409 | client to connect to arbitrary destinations from the local machine. |
1404 | The first argument must be | 1410 | The first argument is the listening specification and may be |
1405 | .Sm off | 1411 | .Sm off |
1406 | .Oo Ar bind_address : Oc Ar port | 1412 | .Oo Ar bind_address : Oc Ar port |
1407 | .Sm on | 1413 | .Sm on |
1414 | or, if the remote host supports it, a Unix domain socket path. | ||
1408 | If forwarding to a specific destination then the second argument must be | 1415 | If forwarding to a specific destination then the second argument must be |
1409 | .Ar host : Ns Ar hostport , | 1416 | .Ar host : Ns Ar hostport |
1417 | or a Unix domain socket path, | ||
1410 | otherwise if no destination argument is specified then the remote forwarding | 1418 | otherwise if no destination argument is specified then the remote forwarding |
1411 | will be established as a SOCKS proxy. | 1419 | will be established as a SOCKS proxy. |
1412 | .Pp | 1420 | .Pp |
@@ -1415,6 +1423,9 @@ Multiple forwardings may be specified, and additional | |||
1415 | forwardings can be given on the command line. | 1423 | forwardings can be given on the command line. |
1416 | Privileged ports can be forwarded only when | 1424 | Privileged ports can be forwarded only when |
1417 | logging in as root on the remote machine. | 1425 | logging in as root on the remote machine. |
1426 | Unix domain socket paths accept the tokens described in the | ||
1427 | .Sx TOKENS | ||
1428 | section. | ||
1418 | .Pp | 1429 | .Pp |
1419 | If the | 1430 | If the |
1420 | .Ar port | 1431 | .Ar port |
@@ -1845,13 +1856,15 @@ otherwise. | |||
1845 | The local username. | 1856 | The local username. |
1846 | .El | 1857 | .El |
1847 | .Pp | 1858 | .Pp |
1848 | .Cm Match exec , | ||
1849 | .Cm CertificateFile , | 1859 | .Cm CertificateFile , |
1850 | .Cm ControlPath , | 1860 | .Cm ControlPath , |
1851 | .Cm IdentityAgent , | 1861 | .Cm IdentityAgent , |
1852 | .Cm IdentityFile , | 1862 | .Cm IdentityFile , |
1863 | .Cm LocalForward, | ||
1864 | .Cm Match exec , | ||
1865 | .Cm RemoteCommand , | ||
1853 | and | 1866 | and |
1854 | .Cm RemoteCommand | 1867 | .Cm RemoteForward |
1855 | accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u. | 1868 | accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u. |
1856 | .Pp | 1869 | .Pp |
1857 | .Cm Hostname | 1870 | .Cm Hostname |