diff options
author | Jason McIntyre <jmc@cvs.openbsd.org> | 2019-03-16 19:14:22 +0000 |
---|---|---|
committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2019-03-16 19:14:22 +0000 |
commit | d66472ff42c7e0d6da27e04bcf9aa2e07ed23a40 (patch) | |
tree | 66f25c203725051b2cd2c59695661a8d8b19f014 /usr.bin | |
parent | 464bf283b240714008ea933bad497bced2c1406d (diff) |
benno helped me clean up the tcp forwarding section;
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/ssh.1 | 50 |
1 files changed, 18 insertions, 32 deletions
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index 41937c61a3b..9480eba8d3e 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.401 2019/03/05 16:17:12 naddy Exp $ -.Dd $Mdocdate: March 5 2019 $ +.\" $OpenBSD: ssh.1,v 1.402 2019/03/16 19:14:21 jmc Exp $ +.Dd $Mdocdate: March 16 2019 $ .Dt SSH 1 .Os .Sh NAME @@ -1090,49 +1090,35 @@ Increase the verbosity when errors are being written to stderr. .El .Sh TCP FORWARDING -Forwarding of arbitrary TCP connections over the secure channel can -be specified either on the command line or in a configuration file. +Forwarding of arbitrary TCP connections over a secure channel +can be specified either on the command line or in a configuration file. One possible application of TCP forwarding is a secure connection to a mail server; another is going through firewalls. .Pp -In the example below, we look at encrypting communication between -an IRC client and server, even though the IRC server does not directly -support encrypted communications. +In the example below, we look at encrypting communication for an IRC client, +even though the IRC server it connects to does not directly +support encrypted communication. This works as follows: the user connects to the remote host using .Nm , -specifying a port to be used to forward connections -to the remote server. -After that it is possible to start the service which is to be encrypted -on the client machine, -connecting to the same local port, +specifying the ports to be used to forward the connection. +After that it is possible to start the program locally, and .Nm -will encrypt and forward the connection. +will encrypt and forward the connection to the remote server. .Pp -The following example tunnels an IRC session from client machine -.Dq 127.0.0.1 -(localhost) -to remote server -.Dq server.example.com : -.Bd -literal -offset 4n -$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10 -$ irc -c '#users' -p 1234 pinky 127.0.0.1 -.Ed -.Pp -This tunnels a connection to IRC server +The following example tunnels an IRC session from the client +to an IRC server at .Dq server.example.com , joining channel .Dq #users , nickname .Dq pinky , -using port 1234. -It doesn't matter which port is used, -as long as it's greater than 1023 -(remember, only root can open sockets on privileged ports) -and doesn't conflict with any ports already in use. -The connection is forwarded to port 6667 on the remote server, -since that's the standard port for IRC services. +using the standard IRC port, 6667: +.Bd -literal -offset 4n +$ ssh -f -L 6667:localhost:6667 server.example.com sleep 10 +$ irc -c '#users' pinky IRC/127.0.0.1 +.Ed .Pp The .Fl f @@ -1142,7 +1128,7 @@ and the remote command .Dq sleep 10 is specified to allow an amount of time (10 seconds, in the example) -to start the service which is to be tunnelled. +to start the program which is going to use the tunnel. If no connections are made within the time specified, .Nm will exit. |