Diffstat (limited to 'ssh.0')
-rw-r--r-- ssh.0 44
1 files changed, 21 insertions, 23 deletions
diff --git a/ssh.0 b/ssh.0
index 2d8994ffc..f53bda666 100644
--- a/ssh.0
+++ b/ssh.0
@@ -130,7 +130,7 @@ DESCRIPTION
130 130
131 -I pkcs11 131 -I pkcs11
132 Specify the PKCS#11 shared library ssh should use to communicate 132 Specify the PKCS#11 shared library ssh should use to communicate
133 with a PKCS#11 token providing the user's private RSA key. 133 with a PKCS#11 token providing keys for user authentication.
134 134
135 -i identity_file 135 -i identity_file
136 Selects a file from which the identity (private key) for public 136 Selects a file from which the identity (private key) for public
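Review bot: In the -I description the new wording "providing keys for user authentication" drops both "private" and "RSA" without saying what replaces them, so a reader cannot tell which key types a token may now supply. If the intent is that more than RSA is accepted, name the accepted types or point to where they are listed, and keep "private" so it stays clear that these are the user's private keys.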
@@ -150,6 +150,10 @@ DESCRIPTION
150 TCP forwarding to the ultimate destination from there. Multiple 150 TCP forwarding to the ultimate destination from there. Multiple
151 jump hops may be specified separated by comma characters. This 151 jump hops may be specified separated by comma characters. This
152 is a shortcut to specify a ProxyJump configuration directive. 152 is a shortcut to specify a ProxyJump configuration directive.
153 Note that configuration directives supplied on the command-line
154 generally apply to the destination host and not any specified
155 jump hosts. Use ~/.ssh/config to specify configuration for jump
156 hosts.
153 157
154 -K Enables GSSAPI-based authentication and forwarding (delegation) 158 -K Enables GSSAPI-based authentication and forwarding (delegation)
155 of GSSAPI credentials to the server. 159 of GSSAPI credentials to the server.
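Review bot: The note added under -J says command-line directives "generally apply to the destination host", and "generally" leaves the reader guessing which directives are the exceptions. Someone who passes settings on the command line and assumes they also cover the hop needs a definite statement here. Either list the exceptions or drop the qualifier, and consider referring to the description of the ProxyJump directive for the ~/.ssh/config form the last sentence recommends.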
@@ -594,36 +598,30 @@ ESCAPE CHARACTERS
594 to stderr. 598 to stderr.
595 599
596TCP FORWARDING 600TCP FORWARDING
597 Forwarding of arbitrary TCP connections over the secure channel can be 601 Forwarding of arbitrary TCP connections over a secure channel can be
598 specified either on the command line or in a configuration file. One 602 specified either on the command line or in a configuration file. One
599 possible application of TCP forwarding is a secure connection to a mail 603 possible application of TCP forwarding is a secure connection to a mail
600 server; another is going through firewalls. 604 server; another is going through firewalls.
601 605
602 In the example below, we look at encrypting communication between an IRC 606 In the example below, we look at encrypting communication for an IRC
603 client and server, even though the IRC server does not directly support 607 client, even though the IRC server it connects to does not directly
604 encrypted communications. This works as follows: the user connects to 608 support encrypted communication. This works as follows: the user
605 the remote host using ssh, specifying a port to be used to forward 609 connects to the remote host using ssh, specifying the ports to be used to
606 connections to the remote server. After that it is possible to start the 610 forward the connection. After that it is possible to start the program
607 service which is to be encrypted on the client machine, connecting to the 611 locally, and ssh will encrypt and forward the connection to the remote
608 same local port, and ssh will encrypt and forward the connection. 612 server.
609 613
610 The following example tunnels an IRC session from client machine 614 The following example tunnels an IRC session from the client to an IRC
611 M-bM-^@M-^\127.0.0.1M-bM-^@M-^] (localhost) to remote server M-bM-^@M-^\server.example.comM-bM-^@M-^]: 615 server at M-bM-^@M-^\server.example.comM-bM-^@M-^], joining channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname
616 M-bM-^@M-^\pinkyM-bM-^@M-^], using the standard IRC port, 6667:
612 617
613 $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10 618 $ ssh -f -L 6667:localhost:6667 server.example.com sleep 10
614 $ irc -c '#users' -p 1234 pinky 127.0.0.1 619 $ irc -c '#users' pinky IRC/127.0.0.1
615
616 This tunnels a connection to IRC server M-bM-^@M-^\server.example.comM-bM-^@M-^], joining
617 channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname M-bM-^@M-^\pinkyM-bM-^@M-^], using port 1234. It doesn't matter
618 which port is used, as long as it's greater than 1023 (remember, only
619 root can open sockets on privileged ports) and doesn't conflict with any
620 ports already in use. The connection is forwarded to port 6667 on the
621 remote server, since that's the standard port for IRC services.
622 620
623 The -f option backgrounds ssh and the remote command M-bM-^@M-^\sleep 10M-bM-^@M-^] is 621 The -f option backgrounds ssh and the remote command M-bM-^@M-^\sleep 10M-bM-^@M-^] is
624 specified to allow an amount of time (10 seconds, in the example) to 622 specified to allow an amount of time (10 seconds, in the example) to
625 start the service which is to be tunnelled. If no connections are made 623 start the program which is going to use the tunnel. If no connections
626 within the time specified, ssh will exit. 624 are made within the time specified, ssh will exit.
627 625
628X11 FORWARDING 626X11 FORWARDING
629 If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of the 627 If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of the
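Review bot: With the example changed to "-L 6667:localhost:6667" and the explanatory paragraph removed, nothing in TCP FORWARDING now says which 6667 is the local listening port and which is the port on the remote side, or that the two need not match. The removed text also carried the only guidance on choosing a local port (greater than 1023, not conflicting with ports already in use), so a reader whose local 6667 is taken gets no hint about what to change. Suggest keeping one sentence after the example that identifies the first number as the local port and restates that constraint.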
@@ -979,4 +977,4 @@ AUTHORS
979 created OpenSSH. Markus Friedl contributed the support for SSH protocol 977 created OpenSSH. Markus Friedl contributed the support for SSH protocol
980 versions 1.5 and 2.0. 978 versions 1.5 and 2.0.
981 979
982OpenBSD 6.4 September 20, 2018 OpenBSD 6.4 980OpenBSD 6.5 March 16, 2019 OpenBSD 6.5