From 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 25 Oct 2017 00:17:08 +0000 Subject: upstream commit add sshd_config RDomain keyword to place sshd and the subsequent user session (including the shell and any TCP/IP forwardings) into the specified rdomain(4) ok markus@ Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5 --- sshd_config.5 | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'sshd_config.5') diff --git a/sshd_config.5 b/sshd_config.5 index b63a022b7..c216fb75b 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.256 2017/10/25 00:15:35 djm Exp $ +.\" $OpenBSD: sshd_config.5,v 1.257 2017/10/25 00:17:08 djm Exp $ .Dd $Mdocdate: October 25 2017 $ .Dt SSHD_CONFIG 5 .Os @@ -1118,6 +1118,7 @@ Available keywords are .Cm PubkeyAuthentication , .Cm RekeyLimit , .Cm RevokedKeys , +.Cm RDomain , .Cm StreamLocalBindMask , .Cm StreamLocalBindUnlink , .Cm TrustedUserCAKeys , @@ -1378,6 +1379,15 @@ an OpenSSH Key Revocation List (KRL) as generated by .Xr ssh-keygen 1 . For more information on KRLs, see the KEY REVOCATION LISTS section in .Xr ssh-keygen 1 . +.It Cm RDomain +Specifies an explicit routing domain that is applied after authentication +has completed. +The user session, as well and any forwarded or listening IP sockets will +be bound to this +.Xr rdomain 4 . +If the routing domain is set to +.Cm \&%D , +then the domain in which the incoming connection was recieved will be applied. .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask @@ -1643,6 +1653,8 @@ which are expanded at runtime: .It %% A literal .Sq % . +.It \&%D +The routing domain in which the incoming connection was received. .It %F The fingerprint of the CA key. .It %f 
@@ -1679,6 +1691,9 @@ accepts the tokens %%, %h, and %u. .Pp .Cm ChrootDirectory accepts the tokens %%, %h, and %u. +.Pp +.Cm RoutingDomain +accepts the token %D. .Sh FILES .Bl -tag -width Ds .It Pa /etc/ssh/sshd_config -- cgit v1.2.3
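Review bot: In the Match keyword list (hunk @@ -1118,6 +1118,7 @@), ".Cm RDomain ," is inserted after RevokedKeys, which puts it out of alphabetical order relative to the neighbouring entries visible in the context (RekeyLimit, RevokedKeys, StreamLocalBindMask). Moving it ahead of RekeyLimit would keep the list sorted and easier to scan when checking which keywords are permitted inside a Match block.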
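Review bot: The new ".It Cm RDomain" description (hunk @@ -1378,6 +1379,15 @@) has two wording errors: "as well and any forwarded or listening IP sockets" should read "as well as any forwarded or listening IP sockets", and "recieved" should be "received" (the %D token entry added later in this patch spells it correctly). The entry also does not say what happens when the keyword is not set; a closing sentence stating the default would help an administrator who relies on this option to confine sessions and forwardings to one routing domain.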
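Review bot: The token summary added in the last hunk (@@ -1679,6 +1691,9 @@) names the keyword ".Cm RoutingDomain", but every other part of this patch, including the commit message, calls it RDomain. A reader searching the page for RoutingDomain will find no matching keyword entry, so this line should read ".Cm RDomain" followed by "accepts the token %D."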