summaryrefslogtreecommitdiff
path: root/ssh_config.5
diff options
context:
space:
mode:
authormarkus@openbsd.org <markus@openbsd.org>2017-09-21 19:16:53 +0000
committerDamien Miller <djm@mindrot.org>2017-09-22 09:14:53 +1000
commit609d7a66ce578abf259da2d5f6f68795c2bda731 (patch)
treefa0c5a5d6f04f69a6cd15bd4d3954412c4a1480c /ssh_config.5
parent36945fa103176c00b39731e1fc1919a0d0808b81 (diff)
upstream commit
Add 'reverse' dynamic forwarding which combines dynamic forwarding (-D) with remote forwarding (-R) where the remote-forwarded port expects SOCKS-requests. The SSH server code is unchanged and the parsing happens at the SSH clients side. Thus the full SOCKS-request is sent over the forwarded channel and the client parses c->output. Parsing happens in channel_before_prepare_select(), _before_ the select bitmask is computed in the pre[] handlers, but after network input processing in the post[] handlers. help and ok djm@ Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.516
1 files changed, 11 insertions, 5 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index ca5a4110..eab8dd01 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.255 2017/09/04 06:34:43 jmc Exp $
-.Dd $Mdocdate: September 4 2017 $
+.\" $OpenBSD: ssh_config.5,v 1.256 2017/09/21 19:16:53 markus Exp $
+.Dd $Mdocdate: September 21 2017 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -1298,13 +1298,19 @@ accept the tokens described in the
section.
.It Cm RemoteForward
Specifies that a TCP port on the remote machine be forwarded over
-the secure channel to the specified host and port from the local machine.
+the secure channel.
+The remote port may either be fowarded to a specified host and port
+from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
+client to connect to arbitrary destinations from the local machine.
The first argument must be
.Sm off
.Oo Ar bind_address : Oc Ar port
.Sm on
-and the second argument must be
-.Ar host : Ns Ar hostport .
+If forwarding to a specific destination then the second argument must be
+.Ar host : Ns Ar hostport ,
+otherwise if no destination argument is specified then the remote forwarding
+will be established as a SOCKS proxy.
+.Pp
IPv6 addresses can be specified by enclosing addresses in square brackets.
Multiple forwardings may be specified, and additional
forwardings can be given on the command line.