diff options
| -rw-r--r-- | usr.bin/ssh/ssh_config.5 | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 0206513384a..04b49917898 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.403 2024/09/25 06:13:01 jmc Exp $ -.Dd $Mdocdate: September 25 2024 $ +.\" $OpenBSD: ssh_config.5,v 1.404 2024/10/18 05:53:26 djm Exp $ +.Dd $Mdocdate: October 18 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1345,9 +1345,11 @@ This directive is ignored unless .Cm PermitLocalCommand has been enabled. .It Cm LocalForward -Specifies that a TCP port on the local machine be forwarded over -the secure channel to the specified host and port from the remote machine. -The first argument specifies the listener and may be +Specifies that a TCP port or Unix-domain socket on the local machine +be forwarded over +the secure channel to the specified host and port (or Unix-domain socket) +from the remote machine. +For a TCP port, the first argument must be .Sm off .Oo Ar bind_address : Oc Ar port .Sm on @@ -1357,6 +1359,11 @@ The second argument is the destination and may be or a Unix domain socket path if the remote host supports it. .Pp IPv6 addresses can be specified by enclosing addresses in square brackets. +.Pp +If either argument contains a '/' in it, that argument will be +interpreted as a Unix-domain socket (on the corresponding host) rather +than a TCP port. +.Pp Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. @@ -1706,9 +1713,10 @@ accept the tokens described in the .Sx TOKENS section. .It Cm RemoteForward -Specifies that a TCP port on the remote machine be forwarded over -the secure channel. +Specifies that a TCP port or Unix-domain socket on the remote machine +be forwarded over the secure channel. The remote port may either be forwarded to a specified host and port +or Unix-domain socket from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote client to connect to arbitrary destinations from the local machine. The first argument is the listening specification and may be @@ -1726,6 +1734,11 @@ restricted by .Cm PermitRemoteOpen . .Pp IPv6 addresses can be specified by enclosing addresses in square brackets. +.Pp +If either argument contains a '/' in it, that argument will be +interpreted as a Unix-domain socket (on the corresponding host) rather +than a TCP port. +.Pp Multiple forwardings may be specified, and additional forwardings can be given on the command line. Privileged ports can be forwarded only when |