diff options
author | djm@openbsd.org <djm@openbsd.org> | 2024-10-18 07:53:26 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2024-10-18 07:53:50 +0200 |
commit | fe4305c37ffe53540a67586854e25f05cf615849 (patch) | |
tree | 7c670e7185915e296d168edcde579099ff503f41 | |
parent | upstream: remove duplicate check; GHPR392 from Pedro Martelletto (diff) | |
download | openssh-fe4305c37ffe53540a67586854e25f05cf615849.tar.xz openssh-fe4305c37ffe53540a67586854e25f05cf615849.zip |
upstream: mention that LocalForward and RemoteForward can accept Unix
domain socket paths; GHPR115
OpenBSD-Commit-ID: a8a34d0a0c51a9ddab3dfce615f9878fa76ef842
-rw-r--r-- | ssh_config.5 | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 46ac65219..08c823ab3 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.403 2024/09/25 06:13:01 jmc Exp $ -.Dd $Mdocdate: September 25 2024 $ +.\" $OpenBSD: ssh_config.5,v 1.404 2024/10/18 05:53:26 djm Exp $ +.Dd $Mdocdate: October 18 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1344,9 +1344,11 @@ This directive is ignored unless .Cm PermitLocalCommand has been enabled. .It Cm LocalForward -Specifies that a TCP port on the local machine be forwarded over -the secure channel to the specified host and port from the remote machine. -The first argument specifies the listener and may be +Specifies that a TCP port or Unix-domain socket on the local machine +be forwarded over +the secure channel to the specified host and port (or Unix-domain socket) +from the remote machine. +For a TCP port, the first argument must be .Sm off .Oo Ar bind_address : Oc Ar port .Sm on @@ -1356,6 +1358,11 @@ The second argument is the destination and may be or a Unix domain socket path if the remote host supports it. .Pp IPv6 addresses can be specified by enclosing addresses in square brackets. +.Pp +If either argument contains a '/' in it, that argument will be +interpreted as a Unix-domain socket (on the corresponding host) rather +than a TCP port. +.Pp Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. @@ -1705,9 +1712,10 @@ accept the tokens described in the .Sx TOKENS section. .It Cm RemoteForward -Specifies that a TCP port on the remote machine be forwarded over -the secure channel. +Specifies that a TCP port or Unix-domain socket on the remote machine +be forwarded over the secure channel. The remote port may either be forwarded to a specified host and port +or Unix-domain socket from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote client to connect to arbitrary destinations from the local machine. The first argument is the listening specification and may be @@ -1725,6 +1733,11 @@ restricted by .Cm PermitRemoteOpen . .Pp IPv6 addresses can be specified by enclosing addresses in square brackets. +.Pp +If either argument contains a '/' in it, that argument will be +interpreted as a Unix-domain socket (on the corresponding host) rather +than a TCP port. +.Pp Multiple forwardings may be specified, and additional forwardings can be given on the command line. Privileged ports can be forwarded only when |