From f31771810cf89a3e687112e71264be266012b2de Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Jan 2006 10:09:13 +1100 Subject: - jmc@cvs.openbsd.org 2006/01/12 14:44:12 [ssh.1] split sections on tcp and x11 forwarding into two sections. add an example in the tcp section, based on sth i wrote for ssh faq; help + ok: djm markus dtucker --- ChangeLog | 7 ++++++- ssh.1 | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 68 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index e453cd43..51f05cac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,11 @@ final round of whacking FILES for duplicate info, and some consistency fixes; ok djm + - jmc@cvs.openbsd.org 2006/01/12 14:44:12 + [ssh.1] + split sections on tcp and x11 forwarding into two sections. + add an example in the tcp section, based on sth i wrote for ssh faq; + help + ok: djm markus dtucker 20060109 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on @@ -3686,4 +3691,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4085 2006/01/13 23:08:57 djm Exp $ +$Id: ChangeLog,v 1.4086 2006/01/13 23:09:13 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 0ebe177f..c15cfc31 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.245 2006/01/06 13:29:10 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.246 2006/01/12 14:44:12 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os 
@@ -893,7 +893,67 @@ option. Request rekeying of the connection (only useful for SSH protocol version 2 and if the peer supports it). .El -.Sh X11 AND TCP FORWARDING +.Sh TCP FORWARDING +Forwarding of arbitrary TCP connections over the secure channel can +be specified either on the command line or in a configuration file. +One possible application of TCP forwarding is a secure connection to a +mail server; another is going through firewalls. +.Pp +In the example below, we look at encrypting communication between +an IRC client and server, even though the IRC server does not directly +support encrypted communications. +This works as follows: +the user connects to the remote host using +.Nm , +specifying a port to be used to forward connections +to the remote server. +After that it is possible to start the service which is to be encrypted +on the client machine, +connecting to the same local port, +and +.Nm +will encrypt and forward the connection. +.Pp +The following example tunnels an IRC session from client machine +.Dq 127.0.0.1 +(localhost) +to remote server +.Dq server.example.com : +.Bd -literal -offset 4n +$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10 +$ irc -c '#users' -p 1234 pinky 127.0.0.1 +.Ed +.Pp +This tunnels a connection to IRC server +.Dq server.example.com , +joining channel +.Dq #users , +nickname +.Dq pinky , +using port 1234. +It doesn't matter which port is used, +as long as it's greater than 1023 +(remember, only root can open sockets on privileged ports) +and doesn't conflict with any ports already in use. +The connection is forwarded to port 6667 on the remote server, +since that's the standard port for IRC services. +.Pp +The +.Fl f +option backgrounds +.Nm +and the remote command +.Dq sleep 10 +is specified to allow an amount of time +(10 seconds, in the example) +to start the service which is to be tunnelled. +If no connections are made within the time specified, +.Nm +will exit. 
+Once opened, +a SSH connection will remain active +until all actively forwarded connections have closed. +.Sh X11 FORWARDING If the .Cm ForwardX11 variable is set to @@ -948,11 +1008,6 @@ and options above) and the user is using an authentication agent, the connection to the agent is automatically forwarded to the remote side. -.Pp -Forwarding of arbitrary TCP/IP connections over the secure channel can -be specified either on the command line or in a configuration file. -One possible application of TCP/IP forwarding is a secure connection to an -electronic purse; another is going through firewalls. .Sh ENVIRONMENT .Nm will normally set the following environment variables: -- cgit v1.2.3
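Review bot: In the new TCP FORWARDING section of ssh.1, the example "$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10" never says which machine the "localhost" in the forwarding spec refers to, while the sentence just before it uses "127.0.0.1 (localhost)" for the client machine. The host part of -L is resolved from the remote side, so here it names server.example.com itself, and a reader can easily take both uses of "localhost" to mean the client. Suggest adding one sentence after the example saying so, and that the encrypted leg is the one between the client and server.example.com. Also, in the last added sentence of the section, "a SSH connection" should read "an SSH connection".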
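Review bot: The paragraph deleted in the last ssh.1 hunk (just before ".Sh ENVIRONMENT") is not moved verbatim into the new section: the new opening text changes "TCP/IP" to "TCP" and "an electronic purse" to "a mail server", and the log message only mentions splitting the sections and adding an example. Suggest mentioning the wording change in the ChangeLog entry so the move can be reviewed as a move. After this deletion the agent-forwarding paragraph kept as context ("the connection to the agent is automatically forwarded to the remote side") appears to sit under the renamed ".Sh X11 FORWARDING" heading; consider whether it should get its own section as part of the same split.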