From 803d896ef30758135e2f438bdd1a0be27989e018 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Wed, 6 Jun 2018 18:24:15 +0000 Subject: [PATCH] upstream: man bits for permitlisten authorized_keys option OpenBSD-Commit-ID: 86910af8f781a4ac5980fea125442eb25466dd78 --- sshd.8 | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/sshd.8 b/sshd.8 index 62cac6f28..192094ca0 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.299 2018/03/14 06:56:20 jmc Exp $ -.Dd $Mdocdate: March 14 2018 $ +.\" $OpenBSD: sshd.8,v 1.300 2018/06/06 18:24:15 djm Exp $ +.Dd $Mdocdate: June 6 2018 $ .Dt SSHD 8 .Os .Sh NAME @@ -554,11 +554,28 @@ Disables execution of .It Cm no-X11-forwarding Forbids X11 forwarding when this key is used for authentication. Any X11 forward requests by the client will return an error. +.It Cm permitlisten="host:port" +Limit remote port forwarding with +.Xr ssh 1 +.Fl R +option such that it may only listen on the specified host and port. +IPv6 addresses can be specified by enclosing the address in square brackets. +Multiple +.Cm permitlisten +options may be applied separated by commas. +Hostnames may include wildcards as described in the PATTERNS section in +.Xr ssh_config 5 . +A port specification of +.Cm * +matches any port. +Note that the setting of +.Cm GatewayPorts +may further restrict listen addresses. .It Cm permitopen="host:port" Limit local port forwarding with .Xr ssh 1 .Fl L -such that it may only connect to the specified host and port. +option such that it may only connect to the specified host and port. IPv6 addresses can be specified by enclosing the address in square brackets. Multiple .Cm permitopen
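Review bot: In the second sshd.8 hunk, the new `.It Cm permitlisten="host:port"` entry does not say what a `-R` request is compared against, or what happens when it matches no entry. Readers use this option to confine a key, so the page should state both outright. Suggested additions: say whether the host part is matched against the listen address string the client sends or against a resolved address, since "Hostnames may include wildcards" only makes sense for the former. Add a sentence that a remote forward request matching no `permitlisten` entry is refused, and that without the option remote listens are not restricted by the key. The closing "Note that the setting of `.Cm GatewayPorts` may further restrict listen addresses" is also vague: name which values of GatewayPorts override the host given here, so an entry such as `permitlisten="*:8080"` is not read as granting a wildcard bind on its own. Minor wording point covering both this entry and the touched `permitopen` line: "with ssh(1) -R option" and "with ssh(1) -L option" read better with "the" before `.Xr ssh 1`.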