[openssh-commits] [openssh] 03/04: upstream: man bits for PermitListen

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Jun 7 04:27:32 AEST 2018 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 04df43208b5b460d7360e1598f876b92a32f5922
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Wed Jun 6 18:24:00 2018 +0000

    upstream: man bits for PermitListen
    
    OpenBSD-Commit-ID: 35b200cba4e46a16a4db6a80ef11838ab0fad67c
---
 sshd_config.5 | 43 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)

diff --git a/sshd_config.5 b/sshd_config.5
index 1231f3db..775caf71 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.270 2018/06/01 06:23:10 jmc Exp $
-.Dd $Mdocdate: June 1 2018 $
+.\" $OpenBSD: sshd_config.5,v 1.271 2018/06/06 18:24:00 djm Exp $
+.Dd $Mdocdate: June 6 2018 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1125,6 +1125,7 @@ Available keywords are
 .Cm MaxSessions ,
 .Cm PasswordAuthentication ,
 .Cm PermitEmptyPasswords ,
+.Cm PermitListen ,
 .Cm PermitOpen ,
 .Cm PermitRootLogin ,
 .Cm PermitTTY ,
@@ -1184,6 +1185,44 @@ When password authentication is allowed, it specifies whether the
 server allows login to accounts with empty password strings.
 The default is
 .Cm no .
+.It Cm PermitListen
+Specifies the addresses/ports on which a remote TCP port forwarding may listen.
+The listen specification must be one of the following forms:
+.Pp
+.Bl -item -offset indent -compact
+.It
+.Cm PermitListen
+.Sm off
+.Ar host : port
+.Sm on
+.It
+.Cm PermitListen
+.Sm off
+.Ar IPv4_addr : port
+.Sm on
+.It
+.Cm PermitListen
+.Sm off
+.Ar \&[ IPv6_addr \&] : port
+.Sm on
+.El
+.Pp
+Multiple permissions may be specified by separating them with whitespace.
+An argument of
+.Cm any
+can be used to remove all restrictions and permit any listen requests.
+An argument of
+.Cm none
+can be used to prohibit all listen requests.
+The host name may contain wildcards as described in the PATTERNS section in
+.Xr ssh_config 5 .
+The wildcard
+.Sq *
+can also be used in place of a port number to allow all ports.
+By default all port forwarding listen requests are permitted.
+Note that
+.Cm GatewayPorts
+option may further restrict which addresses may be listened on.
 .It Cm PermitOpen
 Specifies the destinations to which TCP port forwarding is permitted.
 The forwarding specification must be one of the following forms:

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list