summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorJason McIntyre <jmc@cvs.openbsd.org>2019-03-16 19:14:22 +0000
committerJason McIntyre <jmc@cvs.openbsd.org>2019-03-16 19:14:22 +0000
commitd66472ff42c7e0d6da27e04bcf9aa2e07ed23a40 (patch)
tree66f25c203725051b2cd2c59695661a8d8b19f014 /usr.bin/ssh
parent464bf283b240714008ea933bad497bced2c1406d (diff)
benno helped me clean up the tcp forwarding section;
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/ssh.150
1 files changed, 18 insertions, 32 deletions
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index 41937c61a3b..9480eba8d3e 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.401 2019/03/05 16:17:12 naddy Exp $
-.Dd $Mdocdate: March 5 2019 $
+.\" $OpenBSD: ssh.1,v 1.402 2019/03/16 19:14:21 jmc Exp $
+.Dd $Mdocdate: March 16 2019 $
.Dt SSH 1
.Os
.Sh NAME
@@ -1090,49 +1090,35 @@ Increase the verbosity
when errors are being written to stderr.
.El
.Sh TCP FORWARDING
-Forwarding of arbitrary TCP connections over the secure channel can
-be specified either on the command line or in a configuration file.
+Forwarding of arbitrary TCP connections over a secure channel
+can be specified either on the command line or in a configuration file.
One possible application of TCP forwarding is a secure connection to a
mail server; another is going through firewalls.
.Pp
-In the example below, we look at encrypting communication between
-an IRC client and server, even though the IRC server does not directly
-support encrypted communications.
+In the example below, we look at encrypting communication for an IRC client,
+even though the IRC server it connects to does not directly
+support encrypted communication.
This works as follows:
the user connects to the remote host using
.Nm ,
-specifying a port to be used to forward connections
-to the remote server.
-After that it is possible to start the service which is to be encrypted
-on the client machine,
-connecting to the same local port,
+specifying the ports to be used to forward the connection.
+After that it is possible to start the program locally,
and
.Nm
-will encrypt and forward the connection.
+will encrypt and forward the connection to the remote server.
.Pp
-The following example tunnels an IRC session from client machine
-.Dq 127.0.0.1
-(localhost)
-to remote server
-.Dq server.example.com :
-.Bd -literal -offset 4n
-$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
-$ irc -c '#users' -p 1234 pinky 127.0.0.1
-.Ed
-.Pp
-This tunnels a connection to IRC server
+The following example tunnels an IRC session from the client
+to an IRC server at
.Dq server.example.com ,
joining channel
.Dq #users ,
nickname
.Dq pinky ,
-using port 1234.
-It doesn't matter which port is used,
-as long as it's greater than 1023
-(remember, only root can open sockets on privileged ports)
-and doesn't conflict with any ports already in use.
-The connection is forwarded to port 6667 on the remote server,
-since that's the standard port for IRC services.
+using the standard IRC port, 6667:
+.Bd -literal -offset 4n
+$ ssh -f -L 6667:localhost:6667 server.example.com sleep 10
+$ irc -c '#users' pinky IRC/127.0.0.1
+.Ed
.Pp
The
.Fl f
@@ -1142,7 +1128,7 @@ and the remote command
.Dq sleep 10
is specified to allow an amount of time
(10 seconds, in the example)
-to start the service which is to be tunnelled.
+to start the program which is going to use the tunnel.
If no connections are made within the time specified,
.Nm
will exit.