author Markus Friedl <markus@cvs.openbsd.org> 2021-02-15 20:43:16 +0000
committer Markus Friedl <markus@cvs.openbsd.org> 2021-02-15 20:43:16 +0000
commit 3ac09cf220068b2d2e6f132b59ca27486f600631
tree 269a1c41bf5167b18030cdb75dc71a19fe9806ba /usr.bin/ssh/ssh_config.5
parent c22099cac4b7502695591c1ca55f2a8380a0fb68
ssh: add PermitRemoteOpen for remote dynamic forwarding with SOCKS
ok djm@, dtucker@
Diffstat (limited to 'usr.bin/ssh/ssh_config.5')
-rw-r--r-- usr.bin/ssh/ssh_config.5 41
1 files changed, 40 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 29a199cbfe5..99e7033f661 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.346 2021/02/15 11:09:22 dlg Exp $
+.\" $OpenBSD: ssh_config.5,v 1.347 2021/02/15 20:43:15 markus Exp $
.Dd $Mdocdate: February 15 2021 $
.Dt SSH_CONFIG 5
.Os
@@ -1291,6 +1291,42 @@ The argument must be
or
.Cm no
(the default).
+.It Cm PermitRemoteOpen
+Specifies the destinations to which remote TCP port forwarding is permitted when
+.Cm RemoteForward
+is used as a SOCKS proxy.
+The forwarding specification must be one of the following forms:
+.Pp
+.Bl -item -offset indent -compact
+.It
+.Cm PermitRemoteOpen
+.Sm off
+.Ar host : port
+.Sm on
+.It
+.Cm PermitRemoteOpen
+.Sm off
+.Ar IPv4_addr : port
+.Sm on
+.It
+.Cm PermitRemoteOpen
+.Sm off
+.Ar \&[ IPv6_addr \&] : port
+.Sm on
+.El
+.Pp
+Multiple forwards may be specified by separating them with whitespace.
+An argument of
+.Cm any
+can be used to remove all restrictions and permit any forwarding requests.
+An argument of
+.Cm none
+can be used to prohibit all forwarding requests.
+The wildcard
+.Sq *
+can be used for host or port to allow all hosts or ports respectively.
+Otherwise, no pattern matching or address lookups are performed on supplied
+names.
.It Cm PKCS11Provider
Specifies which PKCS#11 provider to use or
.Cm none
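Review bot: The new PermitRemoteOpen entry never states what applies when the option is unset, unlike the entry just above it, which ends with "(the default)". Since this is an access-control setting, the text should say explicitly whether the default is "any" or "none", right after the sentences that introduce those two keywords. Two smaller points in the same entry: the opening sentence speaks of "destinations", but the text then switches to "The forwarding specification must be one of the following forms" and "Multiple forwards may be specified", which reads as if the arguments were forwardings rather than permitted destinations; and the closing sentence "no pattern matching or address lookups are performed on supplied names" would benefit from one more sentence spelling out the consequence, namely that an entry given as a host name is not resolved and so will not match a request that names the same host by address, or the reverse.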
@@ -1485,6 +1521,9 @@ If forwarding to a specific destination then the second argument must be
or a Unix domain socket path,
otherwise if no destination argument is specified then the remote forwarding
will be established as a SOCKS proxy.
+When acting as a SOCKS proxy the destination of the connection can be
+restricted by
+.Cm PermitRemoteOpen .
.Pp
IPv6 addresses can be specified by enclosing addresses in square brackets.
Multiple forwardings may be specified, and additional
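Review bot: The sentence added to the RemoteForward entry needs a comma after its introductory clause ("When acting as a SOCKS proxy, the destination ...") and leaves "the connection" undefined, since the preceding sentence talks about the forwarding being established, not about a connection. Suggest wording it in terms of the destinations requested through the proxy, matching the "destinations" wording that opens the PermitRemoteOpen entry, so the two entries describe the same thing in the same terms.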