author markus@openbsd.org <markus@openbsd.org> 2017-09-21 19:16:53 +0000
committer Damien Miller <djm@mindrot.org> 2017-09-22 09:14:53 +1000
commit 609d7a66ce578abf259da2d5f6f68795c2bda731
tree fa0c5a5d6f04f69a6cd15bd4d3954412c4a1480c /ssh.1
parent 36945fa103176c00b39731e1fc1919a0d0808b81
upstream commit

Add 'reverse' dynamic forwarding which combines dynamic forwarding (-D) with remote forwarding (-R) where the remote-forwarded port expects SOCKS-requests.

The SSH server code is unchanged and the parsing happens at the SSH client's side. Thus the full SOCKS-request is sent over the forwarded channel and the client parses c->output. Parsing happens in channel_before_prepare_select(), _before_ the select bitmask is computed in the pre[] handlers, but after network input processing in the post[] handlers.

help and ok djm@

Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
Diffstat (limited to 'ssh.1')
-rw-r--r-- ssh.1 21
1 files changed, 15 insertions, 6 deletions
diff --git a/ssh.1 b/ssh.1
index 3aacec41..2ab1697f 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.383 2017/06/09 06:43:01 djm Exp $
-.Dd $Mdocdate: June 9 2017 $
+.\" $OpenBSD: ssh.1,v 1.384 2017/09/21 19:16:53 markus Exp $
+.Dd $Mdocdate: September 21 2017 $
.Dt SSH 1
.Os
.Sh NAME
@@ -592,21 +592,30 @@ Causes most warning and diagnostic messages to be suppressed.
.Ar remote_socket : local_socket
.Sm on
.Xc
+.It Fl R Xo
+.Sm off
+.Oo Ar bind_address : Oc
+.Ar port
+.Sm on
+.Xc
Specifies that connections to the given TCP port or Unix socket on the remote
-(server) host are to be forwarded to the given host and port, or Unix socket,
-on the local side.
+(server) host are to be forwarded to the local side.
+.Pp
This works by allocating a socket to listen to either a TCP
.Ar port
or to a Unix socket on the remote side.
Whenever a connection is made to this port or Unix socket, the
connection is forwarded over the secure channel, and a connection
-is made to either
+is made from the local machine to either an explicit destination specified by
.Ar host
port
.Ar hostport ,
or
.Ar local_socket ,
-from the local machine.
+or, if no explicit destination was specified,
+.Nm
+will act as a SOCKS 4/5 proxy and forward connections to the destinations
+requested by the remote SOCKS client.
.Pp
Port forwardings can also be specified in the configuration file.
Privileged ports can be forwarded only when
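Review bot: the sentence added near the end of this hunk ("will act as a SOCKS 4/5 proxy and forward connections to the destinations requested by the remote SOCKS client") omits the consequence a reader most needs. In this mode the destination is chosen by whoever can connect to the listening port on the remote host, and the connection is then made from the local machine. Suggest adding one sentence that says so, and relating it to the optional bind_address in the new ".It Fl R" form, since that is what determines where the listener is bound. Two smaller points: the new form takes only [bind_address:]port while the opening sentence still reads "TCP port or Unix socket", so it is worth stating that the SOCKS behaviour applies to the port form; and the rewritten sentence beginning "is made from the local machine to either an explicit destination" changes subject partway through ("or, if no explicit destination was specified, ssh will act as ...") and would read better split into two sentences.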