From 19ceb17040ba3c93833d4219d83f2002d25fd3fa Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Wed, 12 Sep 2001 17:54:24 +0000 Subject: - stevesk@cvs.openbsd.org 2001/08/29 23:13:10 [ssh.1 ssh.c] document -D and DynamicForward; ok markus --- ChangeLog | 5 ++++- ssh.1 | 27 ++++++++++++++++++++++++++- ssh.c | 3 ++- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5316a52f5..4855b0eaa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -49,6 +49,9 @@ - stevesk@cvs.openbsd.org 2001/08/29 23:02:21 [sshd.8] add text about -u0 preventing DNS requests; ok markus@ + - stevesk@cvs.openbsd.org 2001/08/29 23:13:10 + [ssh.1 ssh.c] + document -D and DynamicForward; ok markus@ 20010815 - (bal) Fixed stray code in readconf.c that went in by mistake. @@ -6372,4 +6375,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1499 2001/09/12 17:51:55 mouring Exp $ +$Id: ChangeLog,v 1.1500 2001/09/12 17:54:24 mouring Exp $ diff --git a/ssh.1 b/ssh.1 index 02c6ce6f9..dfd38a6b8 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.132 2001/08/28 15:39:48 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.133 2001/08/29 23:13:11 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -606,6 +606,20 @@ Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified with an alternative syntax: .Ar port/host/hostport +.It Fl D Ar port +Specifies a local +.Dq dynamic +application-level port forwarding. +This works by allocating a socket to listen to +.Ar port +on the local side, and whenever a connection is made to this port, the +connection is forwarded over the secure channel, and the application +protocol is then used to determine where to connect to from the +remote machine. Currently the SOCKS4 protocol is supported, and +.Nm +will act as a SOCKS4 server. +Only root can forward privileged ports. +Dynamic port forwardings can also be specified in the configuration file. .It Fl 1 Forces .Nm @@ -773,6 +787,17 @@ back to rsh or exiting. The argument must be an integer. This may be useful in scripts if the connection sometimes fails. The default is 1. +.It Cm DynamicForward +Specifies that a TCP/IP port on the local machine be forwarded +over the secure channel, and the application +protocol is then used to determine where to connect to from the +remote machine. The argument must be a port number. +Currently the SOCKS4 protocol is supported, and +.Nm +will act as a SOCKS4 server. +Multiple forwardings may be specified, and +additional forwardings can be given on the command line. Only +the superuser can forward privileged ports. .It Cm EscapeChar Sets the escape character (default: .Ql ~ ) . diff --git a/ssh.c b/ssh.c index e20758785..4fcaaeae5 100644 --- a/ssh.c +++ b/ssh.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.139 2001/08/28 15:39:48 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.140 2001/08/29 23:13:10 stevesk Exp $"); #include #include 
@@ -194,6 +194,7 @@ usage(void)
 fprintf(stderr, " -R listen-port:host:port Forward remote port to local address\n");
 fprintf(stderr, " These cause %s to listen for connections on a port, and\n", __progname);
 fprintf(stderr, " forward them to the other side by connecting to host:port.\n");
+ fprintf(stderr, " -D port Enable dynamic application-level port forwarding.\n");
 fprintf(stderr, " -C Enable compression.\n");
 fprintf(stderr, " -N Do not execute a shell or command.\n");
 fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n");
-- cgit v1.2.3
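Review bot: The added `-D port` line in usage() says only "Enable dynamic application-level port forwarding", which does not tell the reader that ssh opens a listening SOCKS4 proxy on that local port, as the ssh.1 text in this same commit states. Wording such as `fprintf(stderr, "  -D port     Listen on local port as a SOCKS4 proxy (dynamic forwarding).\n");` (columns aligned with the neighbouring lines) would make that exposure clear from the help output. The `-g` line two lines below allows remote hosts to connect to forwarded ports. Whether that also covers the -D listener is not visible in this hunk; if it does, the -D entry in ssh.1 should say so, because a proxy reachable from other hosts relays their connections through the secure channel. usage() begins and ends outside the hunk.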