-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ssh.1 | 38 | ||||
-rw-r--r-- | ssh.c | 4 | ||||
-rw-r--r-- | ssh_config.5 | 38 | ||||
-rw-r--r-- | sshd_config.5 | 15 |
5 files changed, 72 insertions, 29 deletions
@@ -8,6 +8,10 @@ | |||
8 | [clientloop.c] | 8 | [clientloop.c] |
9 | mention optional bind_address in runtime port forwarding setup | 9 | mention optional bind_address in runtime port forwarding setup |
10 | command-line help. patch from santhi.amirta AT gmail.com | 10 | command-line help. patch from santhi.amirta AT gmail.com |
11 | - stevesk@cvs.openbsd.org 2006/07/02 17:12:58 | ||
12 | [ssh.1 ssh.c ssh_config.5 sshd_config.5] | ||
13 | more details and clarity for tun(4) device forwarding; ok and help | ||
14 | jmc@ | ||
11 | 15 | ||
12 | 20060706 | 16 | 20060706 |
13 | - (dtucker) [configure.ac] Try AIX blibpath test in different order when | 17 | - (dtucker) [configure.ac] Try AIX blibpath test in different order when |
@@ -4741,4 +4745,4 @@ | |||
4741 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 4745 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
4742 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 4746 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
4743 | 4747 | ||
4744 | $Id: ChangeLog,v 1.4361 2006/07/10 10:16:12 djm Exp $ | 4748 | $Id: ChangeLog,v 1.4362 2006/07/10 10:16:27 djm Exp $ |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.260 2006/05/29 16:13:23 jmc Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.261 2006/07/02 17:12:58 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -78,7 +78,8 @@ | |||
78 | .Oc | 78 | .Oc |
79 | .Op Fl S Ar ctl_path | 79 | .Op Fl S Ar ctl_path |
80 | .Bk -words | 80 | .Bk -words |
81 | .Op Fl w Ar tunnel : Ns Ar tunnel | 81 | .Oo Fl w Ar local_tun Ns |
82 | .Op : Ns Ar remote_tun Oc | ||
82 | .Oo Ar user Ns @ Oc Ns Ar hostname | 83 | .Oo Ar user Ns @ Oc Ns Ar hostname |
83 | .Op Ar command | 84 | .Op Ar command |
84 | .Ek | 85 | .Ek |
@@ -588,24 +589,35 @@ Multiple | |||
588 | .Fl v | 589 | .Fl v |
589 | options increase the verbosity. | 590 | options increase the verbosity. |
590 | The maximum is 3. | 591 | The maximum is 3. |
591 | .It Fl w Ar tunnel : Ns Ar tunnel | 592 | .It Fl w Xo |
592 | Requests a | 593 | .Ar local_tun Ns Op : Ns Ar remote_tun |
594 | .Xc | ||
595 | Requests | ||
596 | tunnel | ||
597 | device forwarding with the specified | ||
593 | .Xr tun 4 | 598 | .Xr tun 4 |
594 | device on the client | 599 | devices between the client |
595 | (first | 600 | .Pq Ar local_tun |
596 | .Ar tunnel | 601 | and the server |
597 | arg) | 602 | .Pq Ar remote_tun . |
598 | and server | 603 | .Pp |
599 | (second | ||
600 | .Ar tunnel | ||
601 | arg). | ||
602 | The devices may be specified by numerical ID or the keyword | 604 | The devices may be specified by numerical ID or the keyword |
603 | .Dq any , | 605 | .Dq any , |
604 | which uses the next available tunnel device. | 606 | which uses the next available tunnel device. |
607 | If | ||
608 | .Ar remote_tun | ||
609 | is not specified, it defaults to | ||
610 | .Dq any . | ||
605 | See also the | 611 | See also the |
606 | .Cm Tunnel | 612 | .Cm Tunnel |
607 | directive in | 613 | and |
614 | .Cm TunnelDevice | ||
615 | directives in | ||
608 | .Xr ssh_config 5 . | 616 | .Xr ssh_config 5 . |
617 | If the | ||
618 | .Cm Tunnel | ||
619 | directive is unset, it is set to the default tunnel mode, which is | ||
620 | .Dq point-to-point . | ||
609 | .It Fl X | 621 | .It Fl X |
610 | Enables X11 forwarding. | 622 | Enables X11 forwarding. |
611 | This can also be specified on a per-host basis in a configuration file. | 623 | This can also be specified on a per-host basis in a configuration file. |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.276 2006/04/25 08:02:27 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.277 2006/07/02 17:12:58 stevesk Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -176,7 +176,7 @@ usage(void) | |||
176 | " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" | 176 | " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" |
177 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" | 177 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" |
178 | " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" | 178 | " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" |
179 | " [-w tunnel:tunnel] [user@]hostname [command]\n" | 179 | " [-w local_tun[:remote_tun]] [user@]hostname [command]\n" |
180 | ); | 180 | ); |
181 | exit(255); | 181 | exit(255); |
182 | } | 182 | } |
diff --git a/ssh_config.5 b/ssh_config.5 index 0d40fd63e..68ec311b2 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh_config.5,v 1.94 2006/05/29 16:10:03 jmc Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.95 2006/07/02 17:12:58 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -931,24 +931,44 @@ This is important in scripts, and many users want it too. | |||
931 | To disable TCP keepalive messages, the value should be set to | 931 | To disable TCP keepalive messages, the value should be set to |
932 | .Dq no . | 932 | .Dq no . |
933 | .It Cm Tunnel | 933 | .It Cm Tunnel |
934 | Request starting | 934 | Request |
935 | .Xr tun 4 | 935 | .Xr tun 4 |
936 | device forwarding between the client and the server. | 936 | device forwarding between the client and the server. |
937 | This option also allows requesting layer 2 (ethernet) | ||
938 | instead of layer 3 (point-to-point) tunneling from the server. | ||
939 | The argument must be | 937 | The argument must be |
940 | .Dq yes , | 938 | .Dq yes , |
941 | .Dq point-to-point , | 939 | .Dq point-to-point |
942 | .Dq ethernet , | 940 | (layer 3), |
941 | .Dq ethernet | ||
942 | (layer 2), | ||
943 | or | 943 | or |
944 | .Dq no . | 944 | .Dq no . |
945 | Specifying | ||
946 | .Dq yes | ||
947 | requests the default tunnel mode, which is | ||
948 | .Dq point-to-point . | ||
945 | The default is | 949 | The default is |
946 | .Dq no . | 950 | .Dq no . |
947 | .It Cm TunnelDevice | 951 | .It Cm TunnelDevice |
948 | Force a specified | 952 | Specifies the |
949 | .Xr tun 4 | 953 | .Xr tun 4 |
950 | device on the client. | 954 | devices to open on the client |
951 | Without this option, the next available device will be used. | 955 | .Pq Ar local_tun |
956 | and the server | ||
957 | .Pq Ar remote_tun . | ||
958 | .Pp | ||
959 | The argument must be | ||
960 | .Sm off | ||
961 | .Ar local_tun Op : Ar remote_tun . | ||
962 | .Sm on | ||
963 | The devices may be specified by numerical ID or the keyword | ||
964 | .Dq any , | ||
965 | which uses the next available tunnel device. | ||
966 | If | ||
967 | .Ar remote_tun | ||
968 | is not specified, it defaults to | ||
969 | .Dq any . | ||
970 | The default is | ||
971 | .Dq any:any . | ||
952 | .It Cm UsePrivilegedPort | 972 | .It Cm UsePrivilegedPort |
953 | Specifies whether to use a privileged port for outgoing connections. | 973 | Specifies whether to use a privileged port for outgoing connections. |
954 | The argument must be | 974 | The argument must be |
diff --git a/sshd_config.5 b/sshd_config.5 index aad28f4c8..836add94f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.57 2006/03/14 16:32:48 markus Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.58 2006/07/02 17:12:58 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -537,10 +537,17 @@ Specifies whether | |||
537 | device forwarding is allowed. | 537 | device forwarding is allowed. |
538 | The argument must be | 538 | The argument must be |
539 | .Dq yes , | 539 | .Dq yes , |
540 | .Dq point-to-point , | 540 | .Dq point-to-point |
541 | .Dq ethernet , | 541 | (layer 3), |
542 | or | 542 | .Dq ethernet |
543 | (layer 2), or | ||
543 | .Dq no . | 544 | .Dq no . |
545 | Specifying | ||
546 | .Dq yes | ||
547 | permits both | ||
548 | .Dq point-to-point | ||
549 | and | ||
550 | .Dq ethernet . | ||
544 | The default is | 551 | The default is |
545 | .Dq no . | 552 | .Dq no . |
546 | .It Cm PermitUserEnvironment | 553 | .It Cm PermitUserEnvironment |