Attachment #792 for bug #413




.Ek
.Oo Fl R Xo
.Sm off
.Oo Ar bind_address : Oc
.Ar port :
.Ar host :
.Ar hostport

Causes all warning and diagnostic messages to be suppressed.
.It Fl R Xo
.Sm off
.Oo bind_address : Oc
.Ar port : host : hostport
.Sm on
.Xc

port
.Ar hostport
from the local machine.
.Pp
Port forwardings can also be specified in the configuration file.
Privileged ports can be forwarded only when
logging in as root on the remote machine.
IPv6 addresses can be specified by enclosing the address in square braces or
using an alternative syntax:
.Xo
.Sm off
.Oo Ar bind_address / Oc
.Ar host/port/hostport
.Sm on
.Xc .
.Pp
By default, the listening socket on the server will be bound to the loopback
interface only.
This may be overriden by specifying a
.Ar bind_address .
An empty 
.Ar bind_address , 
or the address
.Ql *
indicates that the remote socket should listen on all interfaces.
Specifying a remote
.Ar bind_address
will only succeed if the server's 
.Cm GatewayPorts 
option is enabled (see
.Xr sshd_config 5 ).
.It Fl S Ar ctl_path
Specifies the location of a control socket for connection sharing.
Refer to the description of




Specifies that a TCP/IP port on the remote machine be forwarded over
the secure channel to the specified host and port from the local machine.
The first argument must be a port number, and the second must be
.Xo
.Sm off
.Oo Ar bind_address : Oc
.Ar host:port
.Sm on
.Xc .
IPv6 addresses can be specified by enclosing any addresses in square brackets
or by using the alternative syntax:
.Xo
.Sm off
.Oo Ar bind_address / Oc
.Ar host/port
.Sm on
.Xc .
Multiple forwardings may be specified, and additional
forwardings can be given on the command line.
Only the superuser can forward privileged ports.
.Pp
If the
.Ar bind_address
is not specified, the default is to only bind to loopback addresses.
If the
.Ar bind_address
is
.Ql *
or an empty string, then the forwarding is requested to listen on all
interfaces.
Specifying a remote
.Ar bind_address
will only succeed if the server's 
.Cm GatewayPorts 
option is enabled (see
.Xr sshd_config 5 ).
.It Cm RhostsRSAAuthentication
Specifies whether to try rhosts based authentication with RSA host
authentication.

Lines 256-263 This prevents other remote hosts from co Link Here

(-)sshd_config.5 (-2 / +2 lines)
256	.Cm GatewayPorts	256	.Cm GatewayPorts
257	can be used to specify that	257	can be used to specify that
258	.Nm sshd	258	.Nm sshd
259	should bind remote port forwardings to the wildcard address,	259	should allow remote port forwardings to bind to non-loopback addresses, thus
260	thus allowing remote hosts to connect to forwarded ports.	260	allowing other hosts to connect.
261	The argument must be	261	The argument must be
262	.Dq yes	262	.Dq yes
263	or	263	or

Return to bug 413

Lines 69-74 Link Here

(-)ssh.1 (-5 / +25 lines)
69	.Ek	69	.Ek
70	.Oo Fl R Xo	70	.Oo Fl R Xo
71	.Sm off	71	.Sm off
		72	.Oo Ar bind_address : Oc
72	.Ar port :	73	.Ar port :
73	.Ar host :	74	.Ar host :
74	.Ar hostport	75	.Ar hostport
Lines 724-729 Quiet mode. Link Here
724	Causes all warning and diagnostic messages to be suppressed.	725	Causes all warning and diagnostic messages to be suppressed.
725	.It Fl R Xo	726	.It Fl R Xo
726	.Sm off	727	.Sm off
		728	.Oo bind_address : Oc
727	.Ar port : host : hostport	729	.Ar port : host : hostport
728	.Sm on	730	.Sm on
729	.Xc	731	.Xc
Lines 738-753 made to Link Here
738	port	740	port
739	.Ar hostport	741	.Ar hostport
740	from the local machine.	742	from the local machine.
		743	.Pp
741	Port forwardings can also be specified in the configuration file.	744	Port forwardings can also be specified in the configuration file.
742	Privileged ports can be forwarded only when	745	Privileged ports can be forwarded only when
743	logging in as root on the remote machine.	746	logging in as root on the remote machine.
744	IPv6 addresses can be specified with an alternative syntax:	747	IPv6 addresses can be specified by enclosing the address in square braces or
745	.Sm off	748	using an alternative syntax:
746	.Xo	749	.Xo
747	.Ar port No / Ar host No /	750	.Sm off
748	.Ar hostport .	751	.Oo Ar bind_address / Oc
749	.Xc	752	.Ar host/port/hostport
750	.Sm on	753	.Sm on
		754	.Xc .
		755	.Pp
		756	By default, the listening socket on the server will be bound to the loopback
		757	interface only.
		758	This may be overriden by specifying a
		759	.Ar bind_address .
		760	An empty
		761	.Ar bind_address ,
		762	or the address
		763	.Ql *
		764	indicates that the remote socket should listen on all interfaces.
		765	Specifying a remote
		766	.Ar bind_address
		767	will only succeed if the server's
		768	.Cm GatewayPorts
		769	option is enabled (see
		770	.Xr sshd_config 5 ).
751	.It Fl S Ar ctl_path	771	.It Fl S Ar ctl_path
752	Specifies the location of a control socket for connection sharing.	772	Specifies the location of a control socket for connection sharing.
753	Refer to the description of	773	Refer to the description of

Lines 587-598 This option applies to protocol version Link Here

(-)ssh_config.5 (-3 / +30 lines)
587	Specifies that a TCP/IP port on the remote machine be forwarded over	587	Specifies that a TCP/IP port on the remote machine be forwarded over
588	the secure channel to the specified host and port from the local machine.	588	the secure channel to the specified host and port from the local machine.
589	The first argument must be a port number, and the second must be	589	The first argument must be a port number, and the second must be
590	.Ar host:port .	590	.Xo
591	IPv6 addresses can be specified with an alternative syntax:	591	.Sm off
592	.Ar host/port .	592	.Oo Ar bind_address : Oc
		593	.Ar host:port
		594	.Sm on
		595	.Xc .
		596	IPv6 addresses can be specified by enclosing any addresses in square brackets
		597	or by using the alternative syntax:
		598	.Xo
		599	.Sm off
		600	.Oo Ar bind_address / Oc
		601	.Ar host/port
		602	.Sm on
		603	.Xc .
593	Multiple forwardings may be specified, and additional	604	Multiple forwardings may be specified, and additional
594	forwardings can be given on the command line.	605	forwardings can be given on the command line.
595	Only the superuser can forward privileged ports.	606	Only the superuser can forward privileged ports.
		607	.Pp
		608	If the
		609	.Ar bind_address
		610	is not specified, the default is to only bind to loopback addresses.
		611	If the
		612	.Ar bind_address
		613	is
		614	.Ql *
		615	or an empty string, then the forwarding is requested to listen on all
		616	interfaces.
		617	Specifying a remote
		618	.Ar bind_address
		619	will only succeed if the server's
		620	.Cm GatewayPorts
		621	option is enabled (see
		622	.Xr sshd_config 5 ).
596	.It Cm RhostsRSAAuthentication	623	.It Cm RhostsRSAAuthentication
597	Specifies whether to try rhosts based authentication with RSA host	624	Specifies whether to try rhosts based authentication with RSA host
598	authentication.	625	authentication.