From 2502c3116e524b7f132cace21c85e1b6fa2aeccb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 25 Jan 2020 06:03:12 +0000 Subject: mention that permitopen=/PermitOpen do no name to address translation; prompted by bz3099 --- usr.bin/ssh/sshd.8 | 8 ++++---- usr.bin/ssh/sshd_config.5 | 8 +++++--- 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'usr.bin') diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index 855fa119bd9..fbf541c55e9 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.311 2019/12/21 20:22:34 naddy Exp $ -.Dd $Mdocdate: December 21 2019 $ +.\" $OpenBSD: sshd.8,v 1.312 2020/01/25 06:03:10 djm Exp $ +.Dd $Mdocdate: January 25 2020 $ .Dt SSHD 8 .Os .Sh NAME @@ -573,8 +573,8 @@ IPv6 addresses can be specified by enclosing the address in square brackets. Multiple .Cm permitopen options may be applied separated by commas. -No pattern matching is performed on the specified hostnames, -they must be literal domains or addresses. +No pattern matching or name lookup is performed on the +specified hostnames, they must be literal host names and/or addresses. A port specification of .Cm * matches any port. diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index cb5d8cbd819..afdc556045b 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.298 2020/01/21 06:09:56 dtucker Exp $ -.Dd $Mdocdate: January 21 2020 $ +.\" $OpenBSD: sshd_config.5,v 1.299 2020/01/25 06:03:11 djm Exp $ +.Dd $Mdocdate: January 25 2020 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME 
@@ -1301,7 +1301,9 @@ An argument of can be used to prohibit all forwarding requests. The wildcard .Sq * -can be used for host or port to allow all hosts or ports, respectively. +can be used for host or port to allow all hosts or ports respectively. +Otherwise, no pattern matching or address lookups are performed on supplied +names. By default all port forwarding requests are permitted. .It Cm PermitRootLogin Specifies whether root can log in using -- cgit v1.2.3
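Review bot: In the sshd.8 hunk at -573,8, the added sentence uses both "hostnames" and "host names" for the same thing and joins two independent clauses with a comma. It also says no name lookup is performed without stating what that means for matching. Suggest picking one spelling and splitting the sentence, for example "No pattern matching or name lookup is performed on the specified host names. They must be literal host names and/or addresses." Consider also adding a sentence that says outright that a name given here is not translated to an address, as the commit subject puts it, so an administrator does not assume an entry written as a name also covers the address behind it.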
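Review bot: In the sshd_config.5 hunk at -1301,7, the added text says "address lookups" and "supplied names" where the sshd.8 hunk in this same patch says "name lookup" and "specified hostnames", and it leaves out the sshd.8 statement that entries "must be literal host names and/or addresses". The subject line treats permitopen= and PermitOpen as having the same behaviour, so suggest using one wording in both pages and carrying the literal-names requirement over to this one. The comma removed before "respectively" is unrelated to the documentation fix and could be left out of this patch.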