diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-12 17:54:24 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-09-12 17:54:24 +0000 |
| commit | 19ceb17040ba3c93833d4219d83f2002d25fd3fa (patch) | |
| tree | 3676cfbabd3a6c6a41f178b1109acee58c1edbcb | |
| parent | 6f672c09545b730a8763b42bf5418463f6ae2679 (diff) | |
- stevesk@cvs.openbsd.org 2001/08/29 23:13:10
[ssh.1 ssh.c]
document -D and DynamicForward; ok markus
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | ssh.1 | 27 | ||||
| -rw-r--r-- | ssh.c | 3 |
3 files changed, 32 insertions, 3 deletions
@@ -49,6 +49,9 @@ - stevesk@cvs.openbsd.org 2001/08/29 23:02:21 [sshd.8] add text about -u0 preventing DNS requests; ok markus@ + - stevesk@cvs.openbsd.org 2001/08/29 23:13:10 + [ssh.1 ssh.c] + document -D and DynamicForward; ok markus@ 20010815 - (bal) Fixed stray code in readconf.c that went in by mistake. @@ -6372,4 +6375,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1499 2001/09/12 17:51:55 mouring Exp $ +$Id: ChangeLog,v 1.1500 2001/09/12 17:54:24 mouring Exp $ @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.132 2001/08/28 15:39:48 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.133 2001/08/29 23:13:11 stevesk Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -606,6 +606,20 @@ Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified with an alternative syntax: .Ar port/host/hostport +.It Fl D Ar port +Specifies a local +.Dq dynamic +application-level port forwarding. +This works by allocating a socket to listen to +.Ar port +on the local side, and whenever a connection is made to this port, the +connection is forwarded over the secure channel, and the application +protocol is then used to determine where to connect to from the +remote machine. Currently the SOCKS4 protocol is supported, and +.Nm +will act as a SOCKS4 server. +Only root can forward privileged ports. +Dynamic port forwardings can also be specified in the configuration file. .It Fl 1 Forces .Nm @@ -773,6 +787,17 @@ back to rsh or exiting. The argument must be an integer. This may be useful in scripts if the connection sometimes fails. The default is 1. +.It Cm DynamicForward +Specifies that a TCP/IP port on the local machine be forwarded +over the secure channel, and the application +protocol is then used to determine where to connect to from the +remote machine. The argument must be a port number. +Currently the SOCKS4 protocol is supported, and +.Nm +will act as a SOCKS4 server. +Multiple forwardings may be specified, and +additional forwardings can be given on the command line. Only +the superuser can forward privileged ports. .It Cm EscapeChar Sets the escape character (default: .Ql ~ ) . @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.139 2001/08/28 15:39:48 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.140 2001/08/29 23:13:10 stevesk Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -194,6 +194,7 @@ usage(void) fprintf(stderr, " -R listen-port:host:port Forward remote port to local address\n"); fprintf(stderr, " These cause %s to listen for connections on a port, and\n", __progname); fprintf(stderr, " forward them to the other side by connecting to host:port.\n"); + fprintf(stderr, " -D port Enable dynamic application-level port forwarding.\n"); fprintf(stderr, " -C Enable compression.\n"); fprintf(stderr, " -N Do not execute a shell or command.\n"); fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n"); |