diff options
Diffstat (limited to 'usr.bin/ssh/sshd.8')
| -rw-r--r-- | usr.bin/ssh/sshd.8 | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index 1f9ba951a63..814143d7343 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -303,6 +303,14 @@ wildcards in the patterns. Only group names are valid; a numerical group ID isn't recognized. By default login is allowed regardless of the primary group. .Pp +.It Cm AllowTcpForwarding +Specifies whether TCP forwarding is permitted. +The default is +.Dq yes . +Note that disabling TCP forwarding does not improve security unless +users are also denied shell access, as they can always install their +own forwarders. +.Pp .It Cm AllowUsers This keyword can be followed by a number of user names, separated by spaces. |