diff options
author | markus@openbsd.org <markus@openbsd.org> | 2017-09-21 19:16:53 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-09-22 09:14:53 +1000 |
commit | 609d7a66ce578abf259da2d5f6f68795c2bda731 (patch) | |
tree | fa0c5a5d6f04f69a6cd15bd4d3954412c4a1480c /ssh_config.5 | |
parent | 36945fa103176c00b39731e1fc1919a0d0808b81 (diff) |
upstream commit
Add 'reverse' dynamic forwarding which combines dynamic
forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
expects SOCKS-requests.
The SSH server code is unchanged and the parsing happens at the SSH
clients side. Thus the full SOCKS-request is sent over the forwarded
channel and the client parses c->output. Parsing happens in
channel_before_prepare_select(), _before_ the select bitmask is
computed in the pre[] handlers, but after network input processing
in the post[] handlers.
help and ok djm@
Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index ca5a41103..eab8dd01c 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.255 2017/09/04 06:34:43 jmc Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.256 2017/09/21 19:16:53 markus Exp $ |
37 | .Dd $Mdocdate: September 4 2017 $ | 37 | .Dd $Mdocdate: September 21 2017 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -1298,13 +1298,19 @@ accept the tokens described in the | |||
1298 | section. | 1298 | section. |
1299 | .It Cm RemoteForward | 1299 | .It Cm RemoteForward |
1300 | Specifies that a TCP port on the remote machine be forwarded over | 1300 | Specifies that a TCP port on the remote machine be forwarded over |
1301 | the secure channel to the specified host and port from the local machine. | 1301 | the secure channel. |
1302 | The remote port may either be fowarded to a specified host and port | ||
1303 | from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote | ||
1304 | client to connect to arbitrary destinations from the local machine. | ||
1302 | The first argument must be | 1305 | The first argument must be |
1303 | .Sm off | 1306 | .Sm off |
1304 | .Oo Ar bind_address : Oc Ar port | 1307 | .Oo Ar bind_address : Oc Ar port |
1305 | .Sm on | 1308 | .Sm on |
1306 | and the second argument must be | 1309 | If forwarding to a specific destination then the second argument must be |
1307 | .Ar host : Ns Ar hostport . | 1310 | .Ar host : Ns Ar hostport , |
1311 | otherwise if no destination argument is specified then the remote forwarding | ||
1312 | will be established as a SOCKS proxy. | ||
1313 | .Pp | ||
1308 | IPv6 addresses can be specified by enclosing addresses in square brackets. | 1314 | IPv6 addresses can be specified by enclosing addresses in square brackets. |
1309 | Multiple forwardings may be specified, and additional | 1315 | Multiple forwardings may be specified, and additional |
1310 | forwardings can be given on the command line. | 1316 | forwardings can be given on the command line. |