ssh(1) documentation for -L and -R
D. Hugh Redelmeier
hugh at mimosa.com
Sun Sep 16 08:06:35 EST 2012
I found that the documentation for -L and -R was hard to understand.
So I made some changes to try to make it clearer. I started with Revision
1.328 from http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.1
Comments welcome.
================ ssh.1.patch ================
--- ssh.1 2012/09/15 16:08:48 1.1
+++ ssh.1 2012/09/15 20:23:35
@@ -51,13 +51,13 @@
.Op Fl F Ar configfile
.Op Fl I Ar pkcs11
.Op Fl i Ar identity_file
-.Op Fl L Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport
+.Op Fl L Oo Ar bind_address : Oc Ns Ar localport : Ns Ar remoteaddr : Ns Ar remoteport
.Op Fl l Ar login_name
.Op Fl m Ar mac_spec
.Op Fl O Ar ctl_cmd
.Op Fl o Ar option
.Op Fl p Ar port
-.Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport
+.Op Fl R Oo Ar bind_address : Oc Ns Ar remoteport : Ns Ar localaddr : Ns Ar localport
.Op Fl S Ar ctl_path
.Op Fl W Ar host : Ns Ar port
.Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun
@@ -296,26 +296,37 @@
.It Fl L Xo
.Sm off
.Oo Ar bind_address : Oc
-.Ar port : host : hostport
+.Ar localport : remoteaddr : remoteport
.Sm on
.Xc
-Specifies that the given port on the local (client) host is to be
-forwarded to the given host and port on the remote side.
+Specifies that the given TCP port
+.Ar localport
+on the local (client) host is to be
+forwarded to the given
+.Ar remoteaddr
+and
+.Ar remoteport
+on the remote side.
This works by allocating a socket to listen to
-.Ar port
+.Ar localport
on the local side, optionally bound to the specified
.Ar bind_address .
Whenever a connection is made to this port, the
connection is forwarded over the secure channel, and a connection is
made to
-.Ar host
+.Ar remoteaddr
port
-.Ar hostport
+.Ar remoteport
from the remote machine.
+.Ar remoteaddr
+is resolved on the remote machine.
Port forwardings can also be specified in the configuration file.
IPv6 addresses can be specified by enclosing the address in square brackets.
-Only the superuser can forward privileged ports.
-By default, the local port is bound in accordance with the
+Only the superuser can forward a privileged
+.Ar localport .
+By default, the
+.Ar localport
+is bound in accordance with the
.Cm GatewayPorts
setting.
However, an explicit
@@ -488,23 +499,31 @@
.It Fl R Xo
.Sm off
.Oo Ar bind_address : Oc
-.Ar port : host : hostport
+.Ar remoteport : localaddr : localport
.Sm on
.Xc
-Specifies that the given port on the remote (server) host is to be
-forwarded to the given host and port on the local side.
+Specifies that the given TCP port
+.Ar remoteport
+on the remote (server) host is to be
+forwarded to the given
+.Ar localaddr
+and
+.Ar localport
+on the local side.
This works by allocating a socket to listen to
-.Ar port
+.Ar remoteport
on the remote side, and whenever a connection is made to this port, the
connection is forwarded over the secure channel, and a connection is
made to
-.Ar host
+.Ar localaddr
port
-.Ar hostport
+.Ar localport
from the local machine.
.Pp
Port forwardings can also be specified in the configuration file.
-Privileged ports can be forwarded only when
+A privileged
+.Ar remoteport
+ can be forwarded only when
logging in as root on the remote machine.
IPv6 addresses can be specified by enclosing the address in square brackets.
.Pp
@@ -525,7 +544,7 @@
.Xr sshd_config 5 ) .
.Pp
If the
-.Ar port
+.Ar remoteport
argument is
.Ql 0 ,
the listen port will be dynamically allocated on the server and reported
@@ -972,12 +991,12 @@
.Dq #users ,
nickname
.Dq pinky ,
-using port 1234.
+using port 1234/TCP.
It doesn't matter which port is used,
as long as it's greater than 1023
(remember, only root can open sockets on privileged ports)
and doesn't conflict with any ports already in use.
-The connection is forwarded to port 6667 on the remote server,
+The connection is forwarded to port 6667/TCP on the remote server,
since that's the standard port for IRC services.
.Pp
The
================ end ================
More information about the openssh-unix-dev
mailing list