diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 1231f3db8..775caf717 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.270 2018/06/01 06:23:10 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.271 2018/06/06 18:24:00 djm Exp $ |
37 | .Dd $Mdocdate: June 1 2018 $ | 37 | .Dd $Mdocdate: June 6 2018 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -1125,6 +1125,7 @@ Available keywords are | |||
1125 | .Cm MaxSessions , | 1125 | .Cm MaxSessions , |
1126 | .Cm PasswordAuthentication , | 1126 | .Cm PasswordAuthentication , |
1127 | .Cm PermitEmptyPasswords , | 1127 | .Cm PermitEmptyPasswords , |
1128 | .Cm PermitListen , | ||
1128 | .Cm PermitOpen , | 1129 | .Cm PermitOpen , |
1129 | .Cm PermitRootLogin , | 1130 | .Cm PermitRootLogin , |
1130 | .Cm PermitTTY , | 1131 | .Cm PermitTTY , |
@@ -1184,6 +1185,44 @@ When password authentication is allowed, it specifies whether the | |||
1184 | server allows login to accounts with empty password strings. | 1185 | server allows login to accounts with empty password strings. |
1185 | The default is | 1186 | The default is |
1186 | .Cm no . | 1187 | .Cm no . |
1188 | .It Cm PermitListen | ||
1189 | Specifies the addresses/ports on which a remote TCP port forwarding may listen. | ||
1190 | The listen specification must be one of the following forms: | ||
1191 | .Pp | ||
1192 | .Bl -item -offset indent -compact | ||
1193 | .It | ||
1194 | .Cm PermitListen | ||
1195 | .Sm off | ||
1196 | .Ar host : port | ||
1197 | .Sm on | ||
1198 | .It | ||
1199 | .Cm PermitListen | ||
1200 | .Sm off | ||
1201 | .Ar IPv4_addr : port | ||
1202 | .Sm on | ||
1203 | .It | ||
1204 | .Cm PermitListen | ||
1205 | .Sm off | ||
1206 | .Ar \&[ IPv6_addr \&] : port | ||
1207 | .Sm on | ||
1208 | .El | ||
1209 | .Pp | ||
1210 | Multiple permissions may be specified by separating them with whitespace. | ||
1211 | An argument of | ||
1212 | .Cm any | ||
1213 | can be used to remove all restrictions and permit any listen requests. | ||
1214 | An argument of | ||
1215 | .Cm none | ||
1216 | can be used to prohibit all listen requests. | ||
1217 | The host name may contain wildcards as described in the PATTERNS section in | ||
1218 | .Xr ssh_config 5 . | ||
1219 | The wildcard | ||
1220 | .Sq * | ||
1221 | can also be used in place of a port number to allow all ports. | ||
1222 | By default all port forwarding listen requests are permitted. | ||
1223 | Note that | ||
1224 | .Cm GatewayPorts | ||
1225 | option may further restrict which addresses may be listened on. | ||
1187 | .It Cm PermitOpen | 1226 | .It Cm PermitOpen |
1188 | Specifies the destinations to which TCP port forwarding is permitted. | 1227 | Specifies the destinations to which TCP port forwarding is permitted. |
1189 | The forwarding specification must be one of the following forms: | 1228 | The forwarding specification must be one of the following forms: |