- reyk@cvs.openbsd.org 2005/12/06 22:38:28

[auth-options.c auth-options.h channels.c channels.h clientloop.c] [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h] [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c] [sshconnect.h sshd.8 sshd_config sshd_config.5] Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
author: Damien Miller <djm@mindrot.org> 2005-12-13 19:29:02 +1100
committer: Damien Miller <djm@mindrot.org> 2005-12-13 19:29:02 +1100
commit: d27b947178df3689bfb7fdfb62a5f1337ef73481 (patch)
tree: c8678325c355b3602bdabca16da1baa8707818eb /ssh_config.5
parent: 6dbdb6afeec1820b2799c2693fc8e8b364be8228 (diff)
1 files changed, 37 insertions, 1 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 13cdee88b..d1930baab 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.64 2005/10/30 08:43:47 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.65 2005/12/06 22:38:27 reyk Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -556,6 +556,14 @@ The default is
 Specifies the list of methods to use in keyboard-interactive authentication.
 Multiple method names must be comma-separated.
 The default is to use the server specified list.
+.It Cm LocalCommand
+Specifies a command to execute on the local machine after successfully
+connecting to the server.
+The command string extends to the end of the line, and is executed with
+.Pa /bin/sh .
+This directive is ignored unless
+.Cm PermitLocalCommand
+has been enabled.
 .It Cm LocalForward
 Specifies that a TCP/IP port on the local machine be forwarded over
 the secure channel to the specified host and port from the remote machine.
@@ -628,6 +636,19 @@ The default is
 .It Cm Port
 Specifies the port number to connect on the remote host.
 Default is 22.
+.It Cm PermitLocalCommand
+Allow local command execution via the
+.Ic LocalCommand
+option or using the
+.Ic ! Ar command
+escape sequence in
+.Xr ssh 1 .
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
 .It Cm PreferredAuthentications
 Specifies the order in which the client should try protocol 2
 authentication methods.
@@ -887,6 +908,21 @@ Note that this option must be set to
 for
 .Cm RhostsRSAAuthentication
 with older servers.
+.It Cm Tunnel
+Request starting
+.Xr tun 4
+device forwarding between the client and the server.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+.It Cm TunnelDevice
+Force a specified
+.Xr tun 4
+device on the client.
+Without this option, the next available device will be used.
 .It Cm User
 Specifies the user to log in as.
 This can be useful when a different user name is used on different machines.
author	Damien Miller <djm@mindrot.org>	2005-12-13 19:29:02 +1100
committer	Damien Miller <djm@mindrot.org>	2005-12-13 19:29:02 +1100
commit	d27b947178df3689bfb7fdfb62a5f1337ef73481 (patch)
tree	c8678325c355b3602bdabca16da1baa8707818eb /ssh_config.5
parent	6dbdb6afeec1820b2799c2693fc8e8b364be8228 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 13cdee88b..d1930baab 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.64 2005/10/30 08:43:47 jmc Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.65 2005/12/06 22:38:27 reyk Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
@@ -556,6 +556,14 @@ The default is
556	Specifies the list of methods to use in keyboard-interactive authentication.	556	Specifies the list of methods to use in keyboard-interactive authentication.
557	Multiple method names must be comma-separated.	557	Multiple method names must be comma-separated.
558	The default is to use the server specified list.	558	The default is to use the server specified list.
		559	.It Cm LocalCommand
		560	Specifies a command to execute on the local machine after successfully
		561	connecting to the server.
		562	The command string extends to the end of the line, and is executed with
		563	.Pa /bin/sh .
		564	This directive is ignored unless
		565	.Cm PermitLocalCommand
		566	has been enabled.
559	.It Cm LocalForward	567	.It Cm LocalForward
560	Specifies that a TCP/IP port on the local machine be forwarded over	568	Specifies that a TCP/IP port on the local machine be forwarded over
561	the secure channel to the specified host and port from the remote machine.	569	the secure channel to the specified host and port from the remote machine.
@@ -628,6 +636,19 @@ The default is
628	.It Cm Port	636	.It Cm Port
629	Specifies the port number to connect on the remote host.	637	Specifies the port number to connect on the remote host.
630	Default is 22.	638	Default is 22.
		639	.It Cm PermitLocalCommand
		640	Allow local command execution via the
		641	.Ic LocalCommand
		642	option or using the
		643	.Ic ! Ar command
		644	escape sequence in
		645	.Xr ssh 1 .
		646	The argument must be
		647	.Dq yes
		648	or
		649	.Dq no .
		650	The default is
		651	.Dq no .
631	.It Cm PreferredAuthentications	652	.It Cm PreferredAuthentications
632	Specifies the order in which the client should try protocol 2	653	Specifies the order in which the client should try protocol 2
633	authentication methods.	654	authentication methods.
@@ -887,6 +908,21 @@ Note that this option must be set to
887	for	908	for
888	.Cm RhostsRSAAuthentication	909	.Cm RhostsRSAAuthentication
889	with older servers.	910	with older servers.
		911	.It Cm Tunnel
		912	Request starting
		913	.Xr tun 4
		914	device forwarding between the client and the server.
		915	The argument must be
		916	.Dq yes
		917	or
		918	.Dq no .
		919	The default is
		920	.Dq no .
		921	.It Cm TunnelDevice
		922	Force a specified
		923	.Xr tun 4
		924	device on the client.
		925	Without this option, the next available device will be used.
890	.It Cm User	926	.It Cm User
891	Specifies the user to log in as.	927	Specifies the user to log in as.
892	This can be useful when a different user name is used on different machines.	928	This can be useful when a different user name is used on different machines.