Diffstat (limited to 'sshd.8')
-rw-r--r-- | sshd.8 | 19 |
1 files changed, 15 insertions, 4 deletions
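--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.301 2018/06/07 11:26:14 jmc Exp $
-.Dd $Mdocdate: June 7 2018 $
+.\" $OpenBSD: sshd.8,v 1.302 2018/06/19 02:59:41 djm Exp $
+.Dd $Mdocdate: June 19 2018 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -554,11 +554,11 @@ Disables execution of
 .It Cm no-X11-forwarding
 Forbids X11 forwarding when this key is used for authentication.
 Any X11 forward requests by the client will return an error.
-.It Cm permitlisten="host:port"
+.It Cm permitlisten="[host:]port"
 Limit remote port forwarding with the
 .Xr ssh 1
 .Fl R
-option such that it may only listen on the specified host and port.
+option such that it may only listen on the specified host (optional) and port.
 IPv6 addresses can be specified by enclosing the address in square brackets.
 Multiple
 .Cm permitlisten
@@ -571,6 +571,15 @@ matches any port.
 Note that the setting of
 .Cm GatewayPorts
 may further restrict listen addresses.
+Note that
+.Xr ssh 1
+will send a hostname of
+.Dq localhost
+if a listen host was not specified when the forwarding was requested, and
+that his name is treated differently to the explicit localhost addresses
+.Dq 127.0.0.1
+and
+.Dq ::1 .
 .It Cm permitopen="host:port"
 Limit local port forwarding with the
 .Xr ssh 1
@@ -639,6 +648,8 @@ command="dump /home",no-pty,no-port-forwarding ssh-dss
 AAAAC3...51R== example.net
 permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
 AAAAB5...21S==
+permitlisten="localhost:8080",permitopen="localhost:22000" ssh-dss
+AAAAB5...21S==
 tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
 jane@example.net
 restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==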