diff options
author | djm <djm> | 2005-03-01 10:24:33 +0000 |
---|---|---|
committer | djm <djm> | 2005-03-01 10:24:33 +0000 |
commit | 2e724e945462421c433af78877660653dea54a84 (patch) | |
tree | 44a1ed269bb1a364dbf136982c9ea08f6ef5c6b4 /ssh_config.5 | |
parent | d671b02b875ff33f7677484696807dfb0d2fb76e (diff) | |
download | openssh-2e724e945462421c433af78877660653dea54a84.tar.gz |
- djm@cvs.openbsd.org 2005/03/01 10:09:52
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
[sshd_config.5]
bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote
forwards to bind to client-specified ports.
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 70 |
1 files changed, 61 insertions, 9 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 8f6d851b..6b6cfc5e 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.42 2005/02/28 00:54:10 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.43 2005/03/01 10:09:52 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -480,12 +480,37 @@ The default is to use the server specified list. Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be a port number, and the second must be -.Ar host:port . -IPv6 addresses can be specified with an alternative syntax: -.Ar host/port . -Multiple forwardings may be specified, and additional -forwardings can be given on the command line. +.Xo +.Sm off +.Oo Ar bind_address : Oc +.Ar host:port +.Sm on +.Xc . +IPv6 addresses can be specified by enclosing addresses in square brackets or +by using an alternative syntax: +.Xo +.Sm off +.Oo Ar bind_address / Oc +.Ar host/port +.Sm on +.Xc . +Multiple forwardings may be specified, and additional forwardings can be +given on the command line. Only the superuser can forward privileged ports. +By default, the local port is bound in accordance with the +.Cm GatewayPorts +setting. +However, an explicit +.Ar bind_address +may be used to bind the connection to a specific address. +The +.Ar bind_address +of +.Dq localhost +indicates that the listening port be bound for local use only, while an +empty address or +.Dq * +indicates that the port should be available from all interfaces. .It Cm LogLevel Gives the verbosity level that is used when logging messages from .Nm ssh . @@ -592,12 +617,39 @@ This option applies to protocol version 2 only. Specifies that a TCP/IP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. The first argument must be a port number, and the second must be -.Ar host:port . -IPv6 addresses can be specified with an alternative syntax: -.Ar host/port . +.Xo +.Sm off +.Oo Ar bind_address : Oc +.Ar host:port +.Sm on +.Xc . +IPv6 addresses can be specified by enclosing any addresses in square brackets +or by using the alternative syntax: +.Xo +.Sm off +.Oo Ar bind_address / Oc +.Ar host/port +.Sm on +.Xc . Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. +.Pp +If the +.Ar bind_address +is not specified, the default is to only bind to loopback addresses. +If the +.Ar bind_address +is +.Ql * +or an empty string, then the forwarding is requested to listen on all +interfaces. +Specifying a remote +.Ar bind_address +will only succeed if the server's +.Cm GatewayPorts +option is enabled (see +.Xr sshd_config 5 ). .It Cm RhostsRSAAuthentication Specifies whether to try rhosts based authentication with RSA host authentication. |