summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2005-03-01 21:24:33 +1100
committerDamien Miller <djm@mindrot.org>2005-03-01 21:24:33 +1100
commitf91ee4c3def4de8b4b9409f07ab26a61e535e1e6 (patch)
tree92d9f883c3c34f0d80b49a7855dcc2514798cf02 /ssh_config.5
parent1717fd422f2c5691d745a7daf6908df9a6458904 (diff)
- djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h] [misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5] [sshd_config.5] bz#413: allow optional specification of bind address for port forwardings. Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports.
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.570
1 files changed, 61 insertions, 9 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 8f6d851b4..6b6cfc5e9 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.42 2005/02/28 00:54:10 djm Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.43 2005/03/01 10:09:52 djm Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
@@ -480,12 +480,37 @@ The default is to use the server specified list.
480Specifies that a TCP/IP port on the local machine be forwarded over 480Specifies that a TCP/IP port on the local machine be forwarded over
481the secure channel to the specified host and port from the remote machine. 481the secure channel to the specified host and port from the remote machine.
482The first argument must be a port number, and the second must be 482The first argument must be a port number, and the second must be
483.Ar host:port . 483.Xo
484IPv6 addresses can be specified with an alternative syntax: 484.Sm off
485.Ar host/port . 485.Oo Ar bind_address : Oc
486Multiple forwardings may be specified, and additional 486.Ar host:port
487forwardings can be given on the command line. 487.Sm on
488.Xc .
489IPv6 addresses can be specified by enclosing addresses in square brackets or
490by using an alternative syntax:
491.Xo
492.Sm off
493.Oo Ar bind_address / Oc
494.Ar host/port
495.Sm on
496.Xc .
497Multiple forwardings may be specified, and additional forwardings can be
498given on the command line.
488Only the superuser can forward privileged ports. 499Only the superuser can forward privileged ports.
500By default, the local port is bound in accordance with the
501.Cm GatewayPorts
502setting.
503However, an explicit
504.Ar bind_address
505may be used to bind the connection to a specific address.
506The
507.Ar bind_address
508of
509.Dq localhost
510indicates that the listening port be bound for local use only, while an
511empty address or
512.Dq *
513indicates that the port should be available from all interfaces.
489.It Cm LogLevel 514.It Cm LogLevel
490Gives the verbosity level that is used when logging messages from 515Gives the verbosity level that is used when logging messages from
491.Nm ssh . 516.Nm ssh .
@@ -592,12 +617,39 @@ This option applies to protocol version 2 only.
592Specifies that a TCP/IP port on the remote machine be forwarded over 617Specifies that a TCP/IP port on the remote machine be forwarded over
593the secure channel to the specified host and port from the local machine. 618the secure channel to the specified host and port from the local machine.
594The first argument must be a port number, and the second must be 619The first argument must be a port number, and the second must be
595.Ar host:port . 620.Xo
596IPv6 addresses can be specified with an alternative syntax: 621.Sm off
597.Ar host/port . 622.Oo Ar bind_address : Oc
623.Ar host:port
624.Sm on
625.Xc .
626IPv6 addresses can be specified by enclosing any addresses in square brackets
627or by using the alternative syntax:
628.Xo
629.Sm off
630.Oo Ar bind_address / Oc
631.Ar host/port
632.Sm on
633.Xc .
598Multiple forwardings may be specified, and additional 634Multiple forwardings may be specified, and additional
599forwardings can be given on the command line. 635forwardings can be given on the command line.
600Only the superuser can forward privileged ports. 636Only the superuser can forward privileged ports.
637.Pp
638If the
639.Ar bind_address
640is not specified, the default is to only bind to loopback addresses.
641If the
642.Ar bind_address
643is
644.Ql *
645or an empty string, then the forwarding is requested to listen on all
646interfaces.
647Specifying a remote
648.Ar bind_address
649will only succeed if the server's
650.Cm GatewayPorts
651option is enabled (see
652.Xr sshd_config 5 ).
601.It Cm RhostsRSAAuthentication 653.It Cm RhostsRSAAuthentication
602Specifies whether to try rhosts based authentication with RSA host 654Specifies whether to try rhosts based authentication with RSA host
603authentication. 655authentication.