1 files changed, 40 insertions, 4 deletions
diff --git a/ssh.1 b/ssh.1
index b0749763b..135e3b6c5 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.209 2005/07/06 09:33:05 dtucker Exp $
+.\" $OpenBSD: ssh.1,v 1.210 2005/09/19 11:37:34 djm Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -47,7 +47,12 @@
 .Op Fl 1246AaCfgkMNnqsTtVvXxY
 .Op Fl b Ar bind_address
 .Op Fl c Ar cipher_spec
-.Op Fl D Ar port
+.Oo Fl D\ \&
+.Sm off
+.Oo Ar bind_address : Oc
+.Ar port
+.Sm on
+.Oc
 .Op Fl e Ar escape_char
 .Op Fl F Ar configfile
 .Op Fl i Ar identity_file
@@ -494,13 +499,20 @@ The default is
    arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
    aes192-ctr,aes256-ctr''
 .Ed
-.It Fl D Ar port
+.It Fl D Xo
+.Sm off
+.Oo Ar bind_address : Oc
+.Ar port
+.Sm on
+.Xc
 Specifies a local
 .Dq dynamic
 application-level port forwarding.
 This works by allocating a socket to listen to
 .Ar port
-on the local side, and whenever a connection is made to this port, the
+on the local side, optionally bound to the specified
+.Ar bind_address .
+Whenever a connection is made to this port, the
 connection is forwarded over the secure channel, and the application
 protocol is then used to determine where to connect to from the
 remote machine.
@@ -509,6 +521,30 @@ Currently the SOCKS4 and SOCKS5 protocols are supported, and
 will act as a SOCKS server.
 Only root can forward privileged ports.
 Dynamic port forwardings can also be specified in the configuration file.
+.Pp
+IPv6 addresses can be specified with an alternative syntax:
+.Sm off
+.Xo
+.Op Ar bind_address No /
+.Ar port
+.Xc
+.Sm on
+or by enclosing the address in square brackets.
+Only the superuser can forward privileged ports.
+By default, the local port is bound in accordance with the
+.Cm GatewayPorts
+setting.
+However, an explicit
+.Ar bind_address
+may be used to bind the connection to a specific address.
+The
+.Ar bind_address
+of
+.Dq localhost
+indicates that the listening port be bound for local use only, while an
+empty address or
+.Sq *
+indicates that the port should be available from all interfaces.
 .It Fl e Ar ch | ^ch | none
 Sets the escape character for sessions with a pty (default:
 .Ql ~ ) .

diff --git a/ssh.1 b/ssh.1 index b0749763b..135e3b6c5 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.209 2005/07/06 09:33:05 dtucker Exp $	37	.\" $OpenBSD: ssh.1,v 1.210 2005/09/19 11:37:34 djm Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -47,7 +47,12 @@
47	.Op Fl 1246AaCfgkMNnqsTtVvXxY	47	.Op Fl 1246AaCfgkMNnqsTtVvXxY
48	.Op Fl b Ar bind_address	48	.Op Fl b Ar bind_address
49	.Op Fl c Ar cipher_spec	49	.Op Fl c Ar cipher_spec
50	.Op Fl D Ar port	50	.Oo Fl D\ \&
		51	.Sm off
		52	.Oo Ar bind_address : Oc
		53	.Ar port
		54	.Sm on
		55	.Oc
51	.Op Fl e Ar escape_char	56	.Op Fl e Ar escape_char
52	.Op Fl F Ar configfile	57	.Op Fl F Ar configfile
53	.Op Fl i Ar identity_file	58	.Op Fl i Ar identity_file
@@ -494,13 +499,20 @@ The default is
494	arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,	499	arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
495	aes192-ctr,aes256-ctr''	500	aes192-ctr,aes256-ctr''
496	.Ed	501	.Ed
497	.It Fl D Ar port	502	.It Fl D Xo
		503	.Sm off
		504	.Oo Ar bind_address : Oc
		505	.Ar port
		506	.Sm on
		507	.Xc
498	Specifies a local	508	Specifies a local
499	.Dq dynamic	509	.Dq dynamic
500	application-level port forwarding.	510	application-level port forwarding.
501	This works by allocating a socket to listen to	511	This works by allocating a socket to listen to
502	.Ar port	512	.Ar port
503	on the local side, and whenever a connection is made to this port, the	513	on the local side, optionally bound to the specified
		514	.Ar bind_address .
		515	Whenever a connection is made to this port, the
504	connection is forwarded over the secure channel, and the application	516	connection is forwarded over the secure channel, and the application
505	protocol is then used to determine where to connect to from the	517	protocol is then used to determine where to connect to from the
506	remote machine.	518	remote machine.
@@ -509,6 +521,30 @@ Currently the SOCKS4 and SOCKS5 protocols are supported, and
509	will act as a SOCKS server.	521	will act as a SOCKS server.
510	Only root can forward privileged ports.	522	Only root can forward privileged ports.
511	Dynamic port forwardings can also be specified in the configuration file.	523	Dynamic port forwardings can also be specified in the configuration file.
		524	.Pp
		525	IPv6 addresses can be specified with an alternative syntax:
		526	.Sm off
		527	.Xo
		528	.Op Ar bind_address No /
		529	.Ar port
		530	.Xc
		531	.Sm on
		532	or by enclosing the address in square brackets.
		533	Only the superuser can forward privileged ports.
		534	By default, the local port is bound in accordance with the
		535	.Cm GatewayPorts
		536	setting.
		537	However, an explicit
		538	.Ar bind_address
		539	may be used to bind the connection to a specific address.
		540	The
		541	.Ar bind_address
		542	of
		543	.Dq localhost
		544	indicates that the listening port be bound for local use only, while an
		545	empty address or
		546	.Sq *
		547	indicates that the port should be available from all interfaces.
512	.It Fl e Ar ch \| ^ch \| none	548	.It Fl e Ar ch \| ^ch \| none
513	Sets the escape character for sessions with a pty (default:	549	Sets the escape character for sessions with a pty (default:
514	.Ql ~ ) .	550	.Ql ~ ) .