diff options
| author | Jason McIntyre <jmc@cvs.openbsd.org> | 2006-01-07 16:42:17 +0000 |
|---|---|---|
| committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2006-01-07 16:42:17 +0000 |
| commit | a6520c07226f1695a3d1fee496d4475dac1a33a4 (patch) | |
| tree | 8b9e282d5a16dc678bcb0d3eb8365630b2558931 | |
| parent | 2eecf40c6cc7d42b78e02e7876b67401af6c07a3 (diff) | |
expand the section on ssh tunnelling machanisms;
from michael knudsen
| -rw-r--r-- | usr.sbin/authpf/authpf.8 | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/usr.sbin/authpf/authpf.8 b/usr.sbin/authpf/authpf.8 index 2e95e37d980..5a15b8c8e07 100644 --- a/usr.sbin/authpf/authpf.8 +++ b/usr.sbin/authpf/authpf.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: authpf.8,v 1.40 2005/09/23 14:36:46 jmc Exp $ +.\" $OpenBSD: authpf.8,v 1.41 2006/01/07 16:42:16 jmc Exp $ .\" .\" Copyright (c) 2002 Bob Beck (beck@openbsd.org>. All rights reserved. .\" @@ -225,8 +225,11 @@ it becomes unresponsive, or if arp or address spoofing is used to hijack the session. Note that TCP keepalives are not sufficient for this, since they are not secure. -Also note that +Also note that the various SSH tunnelling mechanisms, +such as .Ar AllowTcpForwarding +and +.Ar PermitTunnel , should be disabled for .Nm users to prevent them from circumventing restrictions imposed by the |