diff options
author | Damien Miller <djm@mindrot.org> | 2005-03-01 21:24:33 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2005-03-01 21:24:33 +1100 |
commit | f91ee4c3def4de8b4b9409f07ab26a61e535e1e6 (patch) | |
tree | 92d9f883c3c34f0d80b49a7855dcc2514798cf02 /sshd_config.5 | |
parent | 1717fd422f2c5691d745a7daf6908df9a6458904 (diff) |
- djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
[sshd_config.5]
bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote
forwards to bind to client-specified ports.
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index da6d97c68..8d291e61d 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.38 2005/01/08 00:41:19 jmc Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -256,12 +256,15 @@ This prevents other remote hosts from connecting to forwarded ports. | |||
256 | .Cm GatewayPorts | 256 | .Cm GatewayPorts |
257 | can be used to specify that | 257 | can be used to specify that |
258 | .Nm sshd | 258 | .Nm sshd |
259 | should bind remote port forwardings to the wildcard address, | 259 | should allow remote port forwardings to bind to non-loopback addresses, thus |
260 | thus allowing remote hosts to connect to forwarded ports. | 260 | allowing other hosts to connect. |
261 | The argument must be | 261 | The argument may be |
262 | .Dq no | ||
263 | to force remote port forwardings to be available to the local host only, | ||
262 | .Dq yes | 264 | .Dq yes |
263 | or | 265 | to force remote port forwardings to bind to the wildcard address, or |
264 | .Dq no . | 266 | .Dq clientspecified |
267 | to allow the client to select the address to which the forwarding is bound. | ||
265 | The default is | 268 | The default is |
266 | .Dq no . | 269 | .Dq no . |
267 | .It Cm GSSAPIAuthentication | 270 | .It Cm GSSAPIAuthentication |