summaryrefslogtreecommitdiff
path: root/sshd.8
diff options
context:
space:
mode:
Diffstat (limited to 'sshd.8')
-rw-r--r--sshd.823
1 files changed, 20 insertions, 3 deletions
diff --git a/sshd.8 b/sshd.8
index 62cac6f28..192094ca0 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd.8,v 1.299 2018/03/14 06:56:20 jmc Exp $ 36.\" $OpenBSD: sshd.8,v 1.300 2018/06/06 18:24:15 djm Exp $
37.Dd $Mdocdate: March 14 2018 $ 37.Dd $Mdocdate: June 6 2018 $
38.Dt SSHD 8 38.Dt SSHD 8
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -554,11 +554,28 @@ Disables execution of
554.It Cm no-X11-forwarding 554.It Cm no-X11-forwarding
555Forbids X11 forwarding when this key is used for authentication. 555Forbids X11 forwarding when this key is used for authentication.
556Any X11 forward requests by the client will return an error. 556Any X11 forward requests by the client will return an error.
557.It Cm permitlisten="host:port"
558Limit remote port forwarding with
559.Xr ssh 1
560.Fl R
561option such that it may only listen on the specified host and port.
562IPv6 addresses can be specified by enclosing the address in square brackets.
563Multiple
564.Cm permitlisten
565options may be applied separated by commas.
566Hostnames may include wildcards as described in the PATTERNS section in
567.Xr ssh_config 5 .
568A port specification of
569.Cm *
570matches any port.
571Note that the setting of
572.Cm GatewayPorts
573may further restrict listen addresses.
557.It Cm permitopen="host:port" 574.It Cm permitopen="host:port"
558Limit local port forwarding with 575Limit local port forwarding with
559.Xr ssh 1 576.Xr ssh 1
560.Fl L 577.Fl L
561such that it may only connect to the specified host and port. 578option such that it may only connect to the specified host and port.
562IPv6 addresses can be specified by enclosing the address in square brackets. 579IPv6 addresses can be specified by enclosing the address in square brackets.
563Multiple 580Multiple
564.Cm permitopen 581.Cm permitopen